Physical Design Phase – Intrusion Detection Assignments
Answer the following questions. Use complete sentences.
1. How does a false positive alarm differ from a false negative one? From a security perspective, which is least desirable? A false positive alarm is where the IDPS raised an alarm but no attack ever occurred. A false negative is where an actual attack occurs and the IDPS does not alarm at all. The least desirable would definitely be the false negative: if an attack does occur and the IDPS does not even alarm, there is little point in having it.
2. What is a honeypot? How is it different from a honeynet? A honeypot is a decoy system that lures potential hackers away from the network's critical systems. A honeynet is where the system subnet is constantly changing, and it lures attackers away by redirecting them to the subsystems that are rich in information.
3. What capabilities should a wireless security toolkit include? It should definitely be able to sniff incoming packets, scan the wireless hosts, and view the level of privacy. Keeping an eye on vulnerabilities is a must, because wireless networks can be a little easier to breach, especially if the right security measures are not implemented.
4. A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization. Compression is when the system takes several occurrences of an event and examines them as multiple duplicates of one event. Suppression is where the IDPS alerts you only if something major has happened, instead of triggering on something simple, although it will still let you know that something triggered it. Generalization associates alarms with higher-level events, which can be useful when correlating multiple failed ports.
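The three correlation steps from question 4, shown on a handful of alerts, as an added example that is not part of the assignment; the alert records, severity scale and thresholds are constructed for illustration and are not from any real IDPS product:

```python
from collections import Counter, defaultdict

# Constructed sample IDPS alerts: (source address, event, severity).
ALERTS = [
    ("10.0.0.5", "tcp connect refused port 22", "low"),
    ("10.0.0.5", "tcp connect refused port 22", "low"),
    ("10.0.0.5", "tcp connect refused port 23", "low"),
    ("10.0.0.5", "tcp connect refused port 80", "low"),
    ("10.0.0.5", "tcp connect refused port 443", "low"),
    ("10.0.0.9", "icmp echo request", "info"),
    ("10.0.0.9", "icmp echo request", "info"),
    ("10.0.0.9", "icmp echo request", "info"),
    ("10.0.0.7", "sql injection signature", "high"),
]

# Assumed severity ordering used by the suppression step.
SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3}


def compress(alerts):
    """Compression: collapse exact duplicates into one record with a count."""
    return [(src, ev, sev, n) for (src, ev, sev), n in Counter(alerts).items()]


def suppress(events, min_severity="medium", repeat_threshold=3):
    """Suppression: report only major events, or minor ones repeated often enough."""
    floor = SEVERITY[min_severity]
    return [e for e in events if SEVERITY[e[2]] >= floor or e[3] >= repeat_threshold]


def generalize(events, port_threshold=3):
    """Generalization: refused connections to several ports from one source
    become a single higher-level 'port sweep suspected' event."""
    ports = defaultdict(set)
    for src, ev, _sev, _n in events:
        if ev.startswith("tcp connect refused port "):
            ports[src].add(ev.rsplit(" ", 1)[1])
    return [(src, "port sweep suspected", "medium", len(p))
            for src, p in sorted(ports.items()) if len(p) >= port_threshold]


def correlate(alerts):
    """Run compression, then generalization, then suppression over raw alerts."""
    compressed = compress(alerts)
    return suppress(compressed + generalize(compressed))
```

Running `correlate(ALERTS)` reduces the nine raw alerts to three reportable events: the repeated ping, the high-severity injection signature, and the generalized port sweep.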
5. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product