Chapter 7 - 04 - Understand Different Types of IDS-IPS and their Role - 08_ocred_fax_ocred.pdf



Certified Cybersecurity Technician Exam 212-82 Network Security Controls — Technical Controls

Alert Systems

An alert system sends an alert message when any anomaly or misuse is detected.

[Figure: OSSEC HIDS alerts in Sguil and Snort NIDS alerts in Sguil (screenshots of the Sguil console; the row contents are not recoverable from the scan)]

Alert systems trigger an alert whenever sensors detect malicious activity in the network. The alert communicates to the IDS the type of malicious activity and its source. The IDS uses triggers to respond to the alert and take countermeasures.

An IDS can send alerts using the following methods:

- Pop-up windows
- Email messages
- Sounds
- Mobile messages

When a sensor triggers an alert, there are three possibilities:

- The sensor has correctly identified a successful attack. This alert is most likely relevant and is termed a true positive.
- The sensor has correctly identified an attack, but the attack failed to meet its objectives. Such alerts are known as non-relevant positives or non-contextual positives.
- The sensor incorrectly identified an event as an attack. This alert represents incorrect information and is termed a false positive.

As more IDSs are developed, security professionals will face the task of analyzing an increasing number of alerts resulting from the analysis of different event streams. In addition, IDSs are far from perfect and may produce both false positives and non-relevant positives.

Module 07 Page 844 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

[Figure: Sguil console listing OSSEC HIDS alerts such as "Windows: System time changed", "Windows: Logon Failure - Unknown User", "The audit log was cleared", "PAM: User login failed", "Listened ports status (netstat) changed", "Integrity checksum changed", "Host-based anomaly detection event (...", "File added to the system", and Snort NIDS alerts such as "GPL NETBIOS SMB-DS IPC$ share access", "GPL ICMP_INFO PING *NIX", "GPL FTP PORT bounce attempt"; sensor, timestamp, address and port columns are not recoverable from the scan]
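The three alert outcomes above (true positive, non-relevant or non-contextual positive, false positive) are what an analyst separates during triage, and the separation depends on context the sensor itself does not have: whether the targeted port, OS and service actually exist on the destination host, and whether a given signature is known to fire on benign traffic from a particular source. The following is an added example, not EC-Council courseware code and not part of Sguil or OSSEC. It classifies Sguil-style alerts against a constructed asset inventory; the signature names are Snort GPL rule names visible in the screenshot, while the asset inventory, the benign-pair allow-list, the addresses, ports and the `target_os` / `target_service` rule metadata are all assumptions made for the example.

```python
"""Alert triage helper: sort IDS alerts into true positive,
non-contextual positive, or false positive using asset context.

Added example (not EC-Council / Sguil / OSSEC code). Inventory, allow-list
and sample alerts below are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple


class Verdict(Enum):
    TRUE_POSITIVE = "true positive"
    NON_CONTEXTUAL = "non-relevant (non-contextual) positive"
    FALSE_POSITIVE = "false positive"


@dataclass(frozen=True)
class Alert:
    signature: str
    src: str
    dst: str
    dport: Optional[int]                  # None for protocols without ports (ICMP)
    target_os: Optional[str] = None       # OS the attack applies to (assumed rule metadata)
    target_service: Optional[str] = None  # service the attack applies to (assumed rule metadata)


@dataclass(frozen=True)
class Asset:
    ip: str
    os: str
    open_ports: FrozenSet[int]
    services: FrozenSet[str]


# Constructed asset inventory; assumption: the SOC keeps one keyed by IP.
ASSETS: Dict[str, Asset] = {
    "10.10.10.16": Asset("10.10.10.16", "windows",
                         frozenset({135, 139, 445, 3389}), frozenset({"smb", "rdp"})),
}

# Constructed (signature, source) pairs known to match benign traffic,
# e.g. a monitoring host's ICMP health checks (assumption for the example).
BENIGN_PAIRS: FrozenSet[Tuple[str, str]] = frozenset({
    ("GPL ICMP_INFO PING *NIX", "10.10.10.79"),
})


def classify(alert: Alert, assets: Dict[str, Asset],
             benign: FrozenSet[Tuple[str, str]] = BENIGN_PAIRS) -> Verdict:
    # 1. Signature known to match benign traffic from this source: the sensor
    #    mislabelled an ordinary event as an attack -> false positive.
    if (alert.signature, alert.src) in benign:
        return Verdict.FALSE_POSITIVE
    asset = assets.get(alert.dst)
    # 2. Unknown target: nothing shows the attack failed, so keep it relevant.
    if asset is None:
        return Verdict.TRUE_POSITIVE
    # 3. Correctly detected attack that cannot have met its objective here
    #    (closed port, wrong OS, missing service) -> non-contextual positive.
    if alert.dport is not None and alert.dport not in asset.open_ports:
        return Verdict.NON_CONTEXTUAL
    if alert.target_os is not None and alert.target_os != asset.os:
        return Verdict.NON_CONTEXTUAL
    if alert.target_service is not None and alert.target_service not in asset.services:
        return Verdict.NON_CONTEXTUAL
    # 4. Detected attack against a live, matching target -> true positive.
    return Verdict.TRUE_POSITIVE


def triage(alerts: List[Alert], assets: Dict[str, Asset]) -> Dict[str, int]:
    """Count alerts per verdict so the analyst sees the noise ratio at a glance."""
    counts = {v.value: 0 for v in Verdict}
    for a in alerts:
        counts[classify(a, assets).value] += 1
    return counts


# Constructed sample alerts (addresses and ports are made up for the example).
SAMPLE_ALERTS: List[Alert] = [
    Alert("GPL NETBIOS SMB-DS IPC$ share access", "10.10.10.50", "10.10.10.16", 445,
          target_os="windows", target_service="smb"),
    Alert("GPL FTP PORT bounce attempt", "10.10.10.50", "10.10.10.16", 21,
          target_service="ftp"),
    Alert("GPL ICMP_INFO PING *NIX", "10.10.10.79", "10.10.10.16", None),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        print(f"{a.signature:40s} {a.src} -> {a.dst}  {classify(a, ASSETS).value}")
    print(triage(SAMPLE_ALERTS, ASSETS))
```

The check order matters: a benign-pair match is tested before asset context, so a known-noisy signature is never promoted to a true positive just because the target host happens to have the relevant port open; an unknown destination is deliberately kept as a true positive because the analyst cannot prove the attack failed without inventory data.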
