5-3 Flashcards
a message from the analyzer indicating that an event of interest has occurred
alert
the part of the IDS used to manage
manager
the process or method by which the IDS manager makes the operator aware of an alert
operator
an occurrence that indicates a suspicious activity may have occurred
event
the raw information that the IDS uses to detect suspicious activity
data source
IDS can be classified based on how they respond to detected anomalies or based on how they are ______________
deployed
an active IDS, which is also called an __________, will stop any traffic deemed to be malicious activity.
IPS
you can also define IDS/IPS based on whether a single ____________ or an entire network segment is monitored
machine is monitored
most well-known open-source IDS available. It's software that's installed on a server to monitor traffic. Works with a host-based firewall. Is available for Unix, Linux, FreeBSD, and Windows.
snort
the console displays a continuous stream of the contents of all packets coming across the machine
packet sniffer mode
similar to packet sniffer mode, the difference being that the packet contents are written to a text file log rather than displayed on the console
packet logger
with _________, Snort uses a heuristic approach to detecting anomalous traffic
network intrusion detection
Cisco has 2 widely used IDS products, Cisco IDS 4200 Series Sensors and Cisco Catalyst ________ series
4200 and 6500
Firepower 4100 is meant for _____________, and Firepower 9000 series is meant for _________
smaller network // larger networks
one of the benefits of using Cisco security products is their ________ across the industry
widespread use