Chapter 7 - 04 - Understand Different Types of IDS-IPS and their Role - 08_ocred.pdf




Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82

Alert Systems

An alert system sends an alert message when any anomaly or misuse is detected.

[Figure: OSSEC HIDS alerts in Sguil (screenshot; text not recoverable)]
[Figure: Snort NIDS alerts in Sguil (screenshot; text not recoverable)]

Alert Systems

Alert systems trigger an alert whenever sensors detect malicious activity in the network. The alert communicates to the IDS the type of malicious activity and its source. The IDS uses triggers to respond to the alert and take countermeasures. An IDS can send alerts using the following methods:

- Pop-up windows
- Email messages
- Sounds
- Mobile messages

When a sensor triggers an alert, there are three possibilities:

- The sensor has correctly identified a successful attack. This alert is most likely relevant and is termed a true positive.
- The sensor has correctly identified an attack, but the attack failed to meet its objectives. Such alerts are known as non-relevant positives or non-contextual alerts.
- The sensor incorrectly identified an event as an attack. This alert represents incorrect information and is termed a false positive.

As more IDSs are developed, security professionals face the task of analyzing an increasing number of alerts resulting from the analysis of different event streams. In addition, IDSs are far from perfect and may produce both false positives and non-relevant positives.

Module 07 Page 844 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

[Figure: Sguil console listing OSSEC and Snort alert rows with timestamps and sensor names (screenshot; text not recoverable)]
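The three-outcome model above (true positive, non-relevant positive, false positive) is what an analyst applies when working through a Sguil-style alert queue, and the deciding factor for the middle category is asset context: did the attack land on a host that actually runs, and is vulnerable in, the targeted service? The following example, added here and not part of the EC-Council courseware or of Sguil, Snort or OSSEC, shows that triage as code. The alert records, the asset inventory, the signature names and the "known benign" list are all constructed for illustration; an unknown destination host is deliberately not downgraded, since missing inventory is not evidence that an attack failed.

```python
"""Triage IDS alerts into the three outcomes from the slide using asset context.
Added example: every record, host, signature name and service status below is
constructed for illustration and is not taken from any real sensor output."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    sensor: str          # hypothetical sensor label, e.g. "snort-nids" or "ossec-hids"
    signature: str       # signature/rule name as the sensor reported it (constructed)
    src_ip: str
    dst_ip: str
    dst_port: int
    target_service: str  # the service class the signature is written against


# Constructed asset inventory: what each monitored host actually runs.
# "patched" means the host is not exposed to the attack class aimed at that service.
ASSETS = {
    "10.0.0.5": {"http": "vulnerable", "ssh": "patched"},
    "10.0.0.9": {"ssh": "patched"},
    "10.0.0.12": {"smb": "vulnerable"},
}

# Constructed list of signatures that fire on benign activity in this environment
# (for example an authorised internal scanner); analysts would tune these at the sensor.
KNOWN_BENIGN = {"Internal vulnerability scanner probe"}

TRUE_POSITIVE = "true positive"
NON_RELEVANT = "non-relevant positive"
FALSE_POSITIVE = "false positive"


def classify(alert: Alert, assets=ASSETS, known_benign=KNOWN_BENIGN) -> str:
    """Map one alert onto the slide's three possibilities.

    false positive      -> the sensor misidentified benign activity
    non-relevant        -> a real attack that could not meet its objective here
    true positive       -> a real attack against an exposed (or unknown) target
    """
    if alert.signature in known_benign:
        return FALSE_POSITIVE
    if alert.dst_ip not in assets:
        # Unknown asset: inventory gaps are not evidence the attack failed,
        # so keep the alert at full priority for investigation.
        return TRUE_POSITIVE
    status = assets[alert.dst_ip].get(alert.target_service)
    if status is None or status == "patched":
        # Correctly detected attack, but the service is absent or not vulnerable.
        return NON_RELEVANT
    return TRUE_POSITIVE


def triage(alerts):
    """Label every alert and count the outcomes so true positives surface first."""
    labelled = [(a, classify(a)) for a in alerts]
    counts = Counter(label for _, label in labelled)
    return labelled, counts


# Constructed sample queue resembling what a Sguil console would list.
SAMPLE_ALERTS = [
    Alert("snort-nids", "HTTP command injection attempt", "203.0.113.7", "10.0.0.5", 80, "http"),
    Alert("ossec-hids", "SSH brute force attempt", "198.51.100.3", "10.0.0.9", 22, "ssh"),
    Alert("snort-nids", "Internal vulnerability scanner probe", "10.0.0.2", "10.0.0.5", 443, "http"),
    Alert("snort-nids", "SMB exploit attempt", "203.0.113.9", "10.0.0.99", 445, "smb"),
    Alert("snort-nids", "HTTP command injection attempt", "203.0.113.7", "10.0.0.12", 80, "http"),
]


if __name__ == "__main__":
    labelled, counts = triage(SAMPLE_ALERTS)
    for alert, label in sorted(labelled, key=lambda x: x[1] != TRUE_POSITIVE):
        print(f"{label:22s} {alert.sensor:10s} {alert.signature} -> {alert.dst_ip}:{alert.dst_port}")
    print(dict(counts))
```

The sort in the usage block puts true positives at the top of the printout, which is the practical point of the classification: the non-relevant and false-positive buckets still get recorded (they feed sensor tuning and reporting), but they do not compete with real incidents for analyst attention.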
