5-1 Flashcards
an intrusion detection strategy that depends on detecting anomalous activities
anomaly detection
blocking all traffic from a suspect IP address
banishment vigilance
a type of intrusion detection strategy that seeks to profile the behavior of legitimate executables and compare that against the activity of any running program
executable profiling
an erroneous flagging of legitimate activity as an attempted intrusion by an IDS
false positive
one who tries to learn about a system by examining and reverse engineering it
hacker
a system or server designed to be very appealing to hackers, when in fact it is a trap to catch them
honeypot
the act of gaining access to secure portions of a network
intrusion
an IDS strategy that is dependent upon making the system seem less attractive to intruders. It seeks to deflect attention away from the system
intrusion deflection
a system for detecting attempted intrusions. Related to intrusion prevention systems that block suspected attacks
IDS
an IDS strategy that attempts to deter intruders by making the system seem formidable, perhaps more formidable than it is
intrusion deterrence
a firewall solution that runs on an existing server
network-based
detecting any attempted intrusion throughout the network, as opposed to intrusion detection that only works on a single machine or server
network intrusion detection
sequentially pinging ports to see which ones are active
port scan
monitoring approach that measures the system-wide use of resources and develops a historic usable profile
resource profiling
a widely-used open source intrusion detection system
Snort