1. Monitor activity 2. Audit Sys config 3. Assess system integrity 4. Recognise known attacks 5. Indentify abnormal activity 6. Manage audit trails 7. Correct config errors 8. Install/open traps to record info

- Network (links/backbones) - Host (OS) - Distributed (group of remote sensor IDSes) - Gateway (deployed at gateway)

- Inaccuracy for exploit based signatures - Cannot recognise unknown intrusions - Cannot provide quality forensics info

2 - IDS Flashcards by Josh Davidson

IDS

Intrusion Detection Systems

How well did you know this?

Not at all

Perfectly

Define an intrusion

Set of actions aimed to compromise security

How well did you know this?

Not at all

Perfectly

Activity is suspicious (IDS) if

Matches a pattern for known malicious activity
Differs significantly from previous patterns of use.

How well did you know this?

Not at all

Perfectly

IDS Components

Audit Data Preprocessor
Detection Engine (+Models)
Decision Engine (+Table)

How well did you know this?

Not at all

Perfectly

IDS Functions

Monitor activity
Audit Sys config
Assess system integrity
Recognise known attacks
Indentify abnormal activity
Manage audit trails
Correct config errors
Install/open traps to record info

How well did you know this?

Not at all

Perfectly

IDS Types

Network (links/backbones)
Host (OS)
Distributed (group of remote sensor IDSes)
Gateway (deployed at gateway)

How well did you know this?

Not at all

Perfectly

IDS responses

Alarm
Cut user access
Reject traffic
…

How well did you know this?

Not at all

Perfectly

IDS Problems

Inaccuracy for exploit based signatures
Cannot recognise unknown intrusions
Cannot provide quality forensics info

How well did you know this?

Not at all

Perfectly

IDS before or after firewall

Before can be very slow but after might be quicker.

Before might be required to protect firewall

How well did you know this?

Not at all

Perfectly

2 - IDS Flashcards

(9 cards)