Professional Documents
Culture Documents
2. Distinguish between these IDS level of skills : Apparentice, Journeyman and Master
~Apprentice-minimal technical skill who primarily use existing attack toolkits
~easiest to defend cause use existing tools aka. “Script-kiddies“
~Journeyman-Hackers with sufficient technical skills to modify and extend attack toolkits to
use newly discovered, or purchased, vulnerabilities,able to locate new vulnarabilities.
~Master-Hackers with high-level technical skills capable of discovering brand new categories of
vulnerabilities
-write powerful toolkits,hardest to defend
3. List type of IDS you have learned and describe its’ function
4. Differentiate between Anomaly Detection and Signature Detection
~Involves the collection of data relating to the behavior of legitimate users over a period of
time
Current observed behavior is analyzed to determine whether this behavior is that of a
legitimate user or that of an intruder
Threshold detection
checks excessive event occurrences over time
alone a crude and ineffective intruder detector
must determine both thresholds and time intervals
lots of false positive/false negative may be possible
Profile based
characterize past behavior of users/groups
then detect significant deviations
based on analysis of audit records: gather metrics
Signature detection
~Uses a set of known malicious data patterns or attack rules that are compared with
current behavior. Also known as misuse detection. Can only identify known attacks for
which it has patterns or rules (signature). Very similar to anti-virus (requires frequent
updates)
Rule-based penetration identification
rules identify known penetrations/weaknesses
often by analyzing attack scripts from Internet (CERTs)
5. Intrusion detection is a complex business. Whether you deploy an intrusion detection system
(IDS), or you collect and analyze the computer and device logs on your network, identifying
malicious traffic in a sea of legitimate activity can be both difficult and time consuming. Explain
what is honeypot and Justify the reason why you use Honeypot in your network
7. Can an IDS, DMZ and honeypot together achieve better network security? Justify your answer
Whether worth it ips hojneypot dmz works togrther .jusitfy your answer
Advantage n disadvantage of honeypot dmz and ids
8. The differences between SNORT IDS and Wireshark IDS?
9.
10.