This assignment covers chapters 1, 2, and 3 in the Network and System Security, 2nd Edition e-Book

Question 1 A _________ is a sequence of characters or encoded information that identifies when a certain event occurred, usually giving date and time of day; it is sometimes accurate to a small fraction of a second. Question 2 A good IDS detects unauthorized intrusions using one of three types of models: anomaly-based, ________-based, and hybrid detection. Question 3 A network intrusion is an unauthorized penetration of your enterprises network, or an individual machine address in your assigned domain. Intrusions can be ________ (in which the penetration is gained stealthily and without detection) or active (in which changes to network resources are effected). Question 4 Another type of IDS is based on a (an) _________ firewall scheme. These types of IDSs sit on all protected servers and are configured to protect specific applications. Question 5 Arguably one of the most common symptoms of an intrusioneither attempted or successfulis repeated signs that someone is trying to take advantage of your organizations own security systems, and the _____ you use to keep watch for suspicious network activity may actually be used against you quite effectively. Question 6 File integrity _________ is an internal control or process that performs the act of validating the integrity of the operating system and application software files using a verification method between the current file state and the known, good baseline. Question 7 For an IPS to be effective, it must also be very good at discriminating between a real threat signature and one that looks like but isnt one (false positive). Once a signature interpreted to be an intrusion is detected, the system must quickly notify the administrator so that the appropriate evasive action can be taken. The following are types of IPS: network-based, host-based, content-based, and _____-based. Question 8 Host-based IPS agents offer various intrusion prevention capabilities. Because the capabilities vary based on the detection techniques or activities used by each product, and there are many detection techniques or activities. One detection technique or activity is process ________ monitoring. Question 9 One type of IDS, known as an ______ IDS, can sit between your networks outside interface and your most critical systems. Question 10 The majority of the commercial detection of system intrusions are network-based. These DSIs detect attacks by capturing and _______ network packets.