Network Security and Malware Protection

Questions and Answers

What is the primary propagation method for a virus?

Through email (correct)

Through infected files

Through FTP programs

Through active codes

What is the purpose of email and attachment scanning?

To scan files on your system

To scan emails and attachments for viruses (correct)

To download files from the internet

To schedule a complete scan of the system

When should you schedule a complete scan of the system?

Quarterly

Monthly

Daily

Weekly (correct)

What type of scanning operates on files you select for downloading?

Download scanning

What can be vehicles for malicious code?

Java applets and ActiveX

What is the purpose of file scanning?

To scan files on your system for viruses

How often should you scan your system for viruses?

On an on-demand basis

What type of scanning is essential for any quality virus scanner?

Active code scanning

What is the purpose of a virus scanner?

To detect and remove malware from a system

What is the primary function of Nmap?

To identify vulnerabilities in a system

What is the purpose of subscribing to Shadowserver notifications?

To receive alerts on potential security threats in managed networks

Why is it important to encrypt backup streams over the Internet and enterprise networks?

To ensure secure data transmission

What is the purpose of employing software or services that enable vulnerability detection?

To know where you are vulnerable

What is the purpose of a .dat file in virus scanning?

To contain a list of known virus definitions

What happens when you update your virus definitions?

The current file is replaced by the more recent one available from the vendor

Why is it important to regularly check antivirus logs?

To identify potential security threats

What is the main advantage of federated identity schemes?

Single sign-on access to services across the federation

What is an intrusion characterized as?

Attempts to affect confidentiality, integrity, or availability

What is the purpose of an intrusion detection system (IDS)?

To detect and prevent intrusions

What type of IDS monitors a single host and its events?

Host-based IDS

What is the role of sensors in an IDS?

To collect data from system components

What do host-based IDSs determine exactly?

Which processes and user accounts are involved in an attack

What does a network-based IDS monitor?

Network traffic for particular network segments or devices

What is the goal of intrusion detection?

To detect and warn of intrusions in real-time

What is the primary benefit of a host-based IDS?

It detects both external and internal intrusions

What is threshold detection in anomaly detection?

An approach that involves defining frequency thresholds for events

What is the purpose of profile-based anomaly detection?

To develop a profile of user activity to detect changes

What type of systems are often protected with host-based IDSs?

Database servers and administrative systems

What is the difference between host-based and network-based IDSs?

Host-based IDSs detect both internal and external intrusions, while network-based IDSs detect only external intrusions

What is the main advantage of using a combination of anomaly and misuse detection in host-based IDSs?

It provides comprehensive protection against various types of intrusions

What do sensors collect and forward to an analyzer?

Network packets, log files, and system call traces

What is the primary function of an analyzer in an IDS?

To determine if an intrusion has occurred

What is the benefit of detecting an intrusion quickly?

It allows for all of the above

What is the purpose of an IDS in terms of intrusion prevention?

To deter intrusions from occurring

What is the assumption that intrusion detection is based on?

The behavior of an intruder differs from that of a legitimate user

What is the primary function of a user interface in an IDS?

To provide a way to view output from the system and control its behavior

What is the benefit of intrusion detection in terms of strengthening intrusion prevention measures?

It enables the collection of information about intrusion techniques

What is the expectation regarding the distinction between an attack by an intruder and the normal use of resources by an authorized user?

There is some overlap between the two

Study Notes

Malware Protection Activities

• Implement controls to prevent or detect the use of known or suspected malicious websites (blacklisting)
• Use software or services to identify vulnerabilities, such as Nmap, Metasploit, Nessus, and Rapid7
• Monitor logs and network activity for indicators of malicious software
• Regularly check antivirus logs and subscribe to Shadowserver notifications
• Enable employees to report problems to IT security
• Gather vulnerability and threat information from online sources

Malware Protection Software - Virus Scanners

• A virus scanner is software that tries to prevent a virus from infecting a system
• Virus scanners work by containing a list of known virus definitions, which are regularly updated by vendors
• When updated, the current file is replaced with a more recent one from the vendor
• Antivirus programs scan PCs, networks, and incoming email for known virus files

Virus-Scanning Techniques

• Email and attachment scanning: scans email and attachments before users open them
• Download scanning: scans files downloaded from the Internet
• Active code scanning: scans active codes, such as Java applets and ActiveX, before downloading
• File scanning: periodically scans files on a system to detect known viruses

Federated Identity Management

• Implement interoperable federated identity schemes for single sign-on (SSO) access to services across organizations

Intrusion Detection

• Intrusion: violation of security policy, including unauthorized access or attempts to affect confidentiality, integrity, or availability
• Intrusion detection: collecting and analyzing data for signs of intrusions
• Intrusion Detection System (IDS): hardware or software that gathers and analyzes information to detect unauthorized access

Types of Intrusion Detection Systems

• Host-based IDS: monitors characteristics of a single host for suspicious activity
• Network-based IDS: monitors network traffic for suspicious activity

Components of an IDS

• Sensors: collect data from various sources, such as network packets, log files, and system call traces
• Analyzers: receive input from sensors and determine if an intrusion has occurred
• User interface: enables users to view output and control the behavior of the system

Principles of Intrusion Detection

• Quick detection enables swift response to intrusions, minimizing damage
• Effective IDS serves as a deterrent, preventing intrusions
• Intrusion detection enables collection of information to strengthen intrusion prevention measures

Description

This quiz covers various aspects of network security, including preventing access to malicious websites, detecting vulnerabilities, and monitoring logs and network activity for malware indicators.