
s5-2

Title of test:
s5-2

Description:
CS698 sameh ali

Creation Date: 2021/03/16

Category: Others

Number of questions: 20

Content:

A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

Source IP addresses - Source and destination TCP - Number of packets and bytes transmitted in the session - Starting and ending timestamps for the session. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

Also known as behavior-based detection, an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

A predefined assessment level that triggers a predetermined response when surpassed. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

An attack detection method that reviews the log files generated by computer systems, looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

A monitored network or network segment that contains multiple honeypot systems. honeynet. honeypot. padded cell system. back hack.

An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion. honeynet. honeypot. padded cell system. back hack.

A protected honeypot that cannot be easily compromised. honeynet. honeypot. padded cell system. back hack.

The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system. honeynet. honeypot. padded cell system. back hack.

The act of attracting attention to a system by placing tantalizing information in key locations. enticement. entrapment. pen register. trap-and-trace application.

The act of luring a person into committing a crime in order to get a conviction. enticement. entrapment. pen register. trap-and-trace application.

An application that records information about outbound communications. enticement. entrapment. pen register. trap-and-trace application.

An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network. enticement. entrapment. pen register. trap-and-trace application.

A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. attack protocol. fingerprinting. footprinting. port scanners.

The systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range. attack protocol. fingerprinting. footprinting. port scanners.

The organized research and investigation of Internet addresses owned or controlled by a target organization. attack protocol. fingerprinting. footprinting. port scanners.

It is used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information. attack protocol. fingerprinting. footprinting. Secure Software Sustainment.
