Host-based IDSs —These are configured for a specific environment and will monitor various internal resources of the operating system to warn of a possible attack. They can detect the modification of executable programs, detect the deletion of files and issue a warning when an attempt is made to use a privileged command.

Components of an IDS are:
• Sensors responsible for collecting data in the form of network packets, log files, system call traces, etc.
• Analyzers that receive input from sensors and determine intrusive activity
• An administration console
• A user interface

Types of IDSs include:
Signature-based —These IDS systems protect against detected intrusion patterns. The intrusive patterns they can identify are stored in the form of signatures.
Statistical-based —These systems need a comprehensive definition of the known and expected behavior of systems.
Neural networks —An IDS with this feature monitors the general patterns of activity and traffic on the network and creates a database. It is similar to the statistical model but with added self-learning functionality.

Signature-based IDSs are not able to detect all types of intrusions due to the limitations of their detection rules. On the other hand, statistical-based systems may report many events outside of the defined normal activity that are still normal activities on the network. A combination of signature- and statistical-based models provides better protection.
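The contrast the passage draws between signature-based and statistical-based detection, as an added example that is not part of the study guide: a toy signature matcher and a toy baseline-deviation detector are run over the same constructed sshd, sudo and file-integrity log lines, so that each model's blind spot from the text (rules that miss unlisted patterns; baselines that flag legitimate bursts) is visible in the output. The host names, user names, addresses, the three signature rules and the z-score threshold are all assumptions made for this example.

```python
"""Toy signature-based vs statistical IDS comparison (added example, not ISACA's code)."""
import re
from collections import Counter
from statistics import mean, pstdev


# --- Constructed sample data: hypothetical hosts, users and addresses ----------
def _failed_logins(host, user, src, n, invalid=False):
    """Build n syslog-style sshd failure lines coming from one source address."""
    who = f"invalid user {user}" if invalid else user
    return [
        f"Mar 10 08:{i:02d}:00 {host} sshd[{1000 + i}]: Failed password for {who} "
        f"from {src} port {40000 + i} ssh2"
        for i in range(n)
    ]


# Baseline window: ordinary typo-level failures from five internal sources.
BASELINE_LINES = (
    _failed_logins("web01", "alice", "10.0.0.21", 1)
    + _failed_logins("web01", "bob", "10.0.0.22", 2)
    + _failed_logins("db01", "carol", "10.0.0.23", 1)
    + _failed_logins("db01", "dave", "10.0.0.24", 2)
    + _failed_logins("app01", "erin", "10.0.0.25", 3)
)

# Detection window: three different things happen (all constructed).
TEST_LINES = (
    _failed_logins("web01", "alice", "10.0.0.7", 8)        # guessing a VALID account
    + _failed_logins("web01", "admin", "10.0.0.9", 1, invalid=True)  # one probe
    + _failed_logins("app01", "bob", "10.0.0.3", 6)        # helpdesk retries after reset
    + [
        "Mar 10 08:20:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; "
        "USER=root ; COMMAND=/usr/bin/apt",
        "Mar 10 08:21:00 db01 integrity: /usr/bin/sshd hash changed",
    ]
)

# --- Signature-based model: fixed patterns, each capturing one value ----------
SIGNATURES = {
    "ssh-invalid-user": re.compile(r"Failed password for invalid user \S+ from (\S+)"),
    "privileged-command": re.compile(r"sudo:\s+\S+ : .*COMMAND=(\S+)"),
    "executable-modified": re.compile(r"integrity: (\S+) hash changed"),
}


def signature_detect(lines):
    """Return {rule_name: [captured value, ...]} for every known-bad pattern seen."""
    hits = {}
    for line in lines:
        for name, rx in SIGNATURES.items():
            m = rx.search(line)
            if m:
                hits.setdefault(name, []).append(m.group(1))
    return hits


# --- Statistical model: learn expected failures per source, flag outliers ----
FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")


def failed_logins_per_source(lines):
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


class StatisticalDetector:
    """Flags sources whose failed-login count sits z_threshold std devs above baseline."""

    def __init__(self, z_threshold=3.0):
        self.z_threshold = z_threshold
        self.mu = 0.0
        self.sigma = 1.0

    def train(self, baseline_lines):
        counts = list(failed_logins_per_source(baseline_lines).values())
        self.mu = mean(counts)
        self.sigma = pstdev(counts) or 1.0  # flat baseline: avoid division by zero

    def detect(self, lines):
        flagged = {}
        for src, n in failed_logins_per_source(lines).items():
            if (n - self.mu) / self.sigma > self.z_threshold:
                flagged[src] = n
        return flagged


def combined_sources(sig_hits, stat_hits):
    """Union of sources reported by either model, as the text recommends."""
    return set(sig_hits.get("ssh-invalid-user", [])) | set(stat_hits)


if __name__ == "__main__":
    sig = signature_detect(TEST_LINES)
    det = StatisticalDetector()
    det.train(BASELINE_LINES)
    stat = det.detect(TEST_LINES)
    print("signature hits:", sig)      # misses 10.0.0.7 (no 'invalid user' token)
    print("statistical flags:", stat)  # flags 10.0.0.7 but also legitimate 10.0.0.3
    print("combined sources:", combined_sources(sig, stat))
```

Running it shows each weakness from the passage: the signature model reports the invalid-user probe, the privileged command and the changed executable (the host-based checks named above), but never sees the eight guesses against a valid account; the statistical model catches that source, yet also flags the helpdesk machine's legitimate burst. Only the union covers all three hostile sources, at the cost of the false positive an analyst must then triage.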
IDS FEATURES
The features available in an IDS include:
• Intrusion detection
• Ability to gather evidence on intrusive activity
• Automated response (e.g., termination of connection, alarm messaging)
• Security policy
• Interface with system tools
• Security policy management

IDS LIMITATIONS
An IDS cannot help with the following weaknesses:
• Weaknesses in the policy definition (see Policy section)
• Application-level vulnerabilities
• Back doors into applications
• Weaknesses in identification and authentication schemes

21 ISACA, CISA Review Manual 2014, USA
Cybersecurity Fundamentals Study Guide 2015, ISACA. All Rights Reserved.
Section 3: Security Architecture Principles

In contrast to IDSs, which rely on signature files to identify an attack as (or after) it happens, an intrusion prevention system (IPS) predicts an attack before it occurs. It does this by monitoring key areas of a computer system and looking for “bad behavior,” such as worms, Trojans, spyware, malware and hackers. It complements firewall, antivirus and antispyware tools to provide complete protection from emerging threats. It is able to block new (zero-day) threats that bypass traditional security measures since it does not rely on identifying and distributing threat signatures or patches.