Term
| Intrusion Detection Systems |

Definition
| Real-time, passive analysis of threats with limited prevention capability; usually a sensor on a firewall, a spanned (mirror) port on a switch, etc. |

Term
| What allows a combined firewall / IDS / malware scanner with active response (prevention)? |

Definition
| Unified Threat Management (UTM) |

Term
| Intrusion Prevention Systems (IPS / NIPS / IDP) |

Definition
| Can apply filters to the firewall, throttle bandwidth, modify packets, etc., in order to help prevent threats. |

Term
| In-Band is less secure compared to what? |

Definition

Term
| Host Based Intrusion Detection |

Definition
| Agent software running on a host that monitors log files, system integrity, network interfaces, and process launches. |

Term
| Host-based Intrusion Prevention System (HIPS) |

Definition
| • Prevent changes to files
• Prevent services from being disabled
• Log off users
• Close network connections |

Term
| Host Based Intrusion Detection Issues |

Definition
| • Better visibility into application-level data
• Vulnerable to interference by malware
• Can be resource-intensive |

Term
| Signature Based Intrusion Detection Systems |

Definition
| Intrusion Detection Systems can identify attacks based on defined threats. |

Term

Definition
| Intrusion Detection Systems can learn normal system behaviors in order to flag abnormal behaviors. |

Term

Definition
| Intrusion Detection Systems identify traffic that is non-compliant with RFCs. |

Term
| Security Information and Event Management (SIEM) |

Definition
| Aggregates and correlates information from multiple log files in order to identify and flag threats. |

Term

Definition
| • Event
• Audit
• Security
• Access
• Application |

Term

Definition
| Expected pattern of operation. |

Term

Definition
| Variation in baseline that can set off an alert. |

Term
| Methods to make logs secure |

Definition
| • Writable only by system processes
• Append-only
• Remote logging
• Write Once, Read Many (WORM) media |

Term
| Methods to prevent logs from creating disk space problems |

Definition
| • Time zone offset
• Time / date synchronization
• Event deduplication |

Term
| What is covertly removing data from its secure storage system? |

Definition

Term
| What scans files for matched strings and prevents unauthorized copying / transfer? |

Definition
| Data Loss Prevention (DLP) |

Term
| What do Rights Management Services do? |

Definition
| • Assign file permissions for different document roles
• Restrict printing and forwarding of documents
• Restrict printing and forwarding of email messages |

Term
| What verifies the integrity of files? |

Definition
| Cryptographic hash or file signature |

Term
| Signature-based detection is failing to identify what? |

Definition

Term

Definition

Term
| Network and host behavior anomalies drive what? |

Definition

Term
| What does a dropper do if run as admin? |

Definition
| Installs APT tools disguised as legitimate processes / DLLs. |

Term
| What do you do to take care of malware? |

Definition