Front Back
A(n) ____ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.
intrusion
The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____.
noise
Three methods dominate the IDPS detection methods: ____-based approach, statistical anomaly-based approach, or the stateful packet inspection approach.
signature
A signature-based IDPS is sometimes called a(n) ____-based IDPS.
knowledge
A(n) _____ system contains pseudo-services that emulate well-known services but is configured in ways that make it look vulnerable to attacks.
honeypot
**List and describe at least four reasons to acquire and use an IDPS (Intrusion Detection and Prevention System).
  • To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system. -fear of detection
  • To detect attacks and other security violations that are not prevented by other security measures. - network cannot protect itself or unable to respond rapidly, administrator workload.
  • To detect and deal with the preambles to attacks (commonly experienced as network probes and other "doorknob rattling" activities). -initial estimation of the defensive state of an org's network, by footprinting (gather network info) & finger-printing (scan for active systems & identify services) like a neighborhood watch.
  • To document the existing threat to an org.
  • To act as quality control for security design and administration, especially in large and complex enterprises. - allow for continuous improvements.
  • To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors.
List and describe the three advantages of NIDPSs.
(Network-based IDPS)
  • Good network design and placement of NIDPS devices can enable an organization to use a few devices to monitor a large network.
  • NIDPS are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
  • NIDPS are not usually susceptible to direct attack and, in fact, may not be detectable by attackers.
List and describe the four advantages of HIDPSs
(Host-based IDPS)
  • An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS.
  • An HIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing.
  • The use of switched network protocols does not affect an HIDPS.
  • An HIDPS can detect inconsistencies in how applications and systems programs were used by examining the records stored in audit logs. This can enable it to detect some types of attacks, including Trojan horse programs.
 
___ is the entire range of values that can possibly be used to construct an individual key.
a. Code
b. Keyspace
c. Algorithm
d. Cryptogram
b. Keyspace
____ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.

a. Password
b. Cipher
c. Key
d. Passphrase
c. Cipher
More advanced substitution ciphers use two or more alphabets, and are referred to as ____ substitutions.

a. multialphabetic
b. monoalphabetic
c. polyalphabetic
d. polynomic
c. polyalphabetic
A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.

a. asymmetric
b. symmetric
c. public
d. private
b. symmetric
**__ An alert or intrusion is an indication that a system has just been attacked or is under attack. ______
F- alert or alarm
**List and describe at least four reasons to acquire and use an IDPS (Intrusion Detection and Prevention Systems).
  • To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system. -fear of detection
  • To detect attacks and other security violations that are not prevented by other security measures. -network unable to protect or respond rapidly, administrator workload, some vulnerable services are essential.
  • To detect and deal with the preambles to attacks (commonly experienced as network probes and other "doorknob rattling" activities). -footprinting (gather info about org & its network activities and assets), finger-printing (scan for active systems & identify network services offered by host systems) -much like a neighborhood watch
  • To document existing threat to an organization. -one means of collecting data.
  • To act as quality control for security design and administration, especially in large and complex enterprises. -data collected can help with quality assurance and continuous improvement. Identify & repair emergent or residual flaws, thus expedite incident response process.
  • To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors. -after-attack review: how attack occurred, what was accomplished, what methods were used. Use info to remedy deficiencies & prepare for future attacks. Provide forensic info.
The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____.
noise
Three methods dominate the IDPS detection methods: _____-based approach, statistical anomaly-based approach, or the stateful packet inspection approach.
signature
A signature-based IDPS is sometimes called a(n) ____-based IDPS.
knowledge
A(n) ____ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks.
honeypot
The science of encryption is known as ____.
cryptology
The process of hiding messages within the digital encoding of a picture or graphic is called _____.
steganography
A mathematical ____ is a "secret mechanism that enables you to easily accomplish the reverse function in a one-way function."
trapdoor
Describe how hash functions work and what they are used for.
Hash functions are mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that there have not been any changes to the content. While they do not create a ciphertext, hash functions confirm message identity, both of which are critical functions in e-commerce. Hash algorithms are public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. The message digest is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Hash functions are considered one-way operations in that the same message always provides the same hash value, but the hash value itself cannot be used to determine the contents of the message. Hashing functions do not require the use of keys, but it is possible to attach a message authentication code (MAC), a key-dependent, one-way hash function, that allows only specific recipients (symmetric key holders) to access the message digest.
Because hash functions are one-way, they are used in password verification systems to confirm the identity of the user. In such systems, the hash value, or message digest, is calculated based upon the originally issued password, and this message digest is stored for later comparison. When the user logs on for the next session, the system calculates a hash value based on the user's password input, and this value is compared against the stored value to confirm identity.