Review Questions Chapter 7

  1. What common security system is an IDPS most like? In what ways are these systems similar?

We have home security alarms that are set to go off when a thief enters the home. The same mechanism is incorporated in an IDPS.

  2. How does a false positive alarm differ from a false negative one? From a security perspective, which is least desirable?

When an IDPS reports a threat that did not exist in reality, we call it a false positive. On the other hand, the least desirable alarm is the false negative, which occurs when a threat is present but the IDPS does not recognize and report it.

  3. How does a network-based IDPS differ from a host-based IDPS?

These two differ in the range of their responsibility, i.e. a network-based IDPS protects a network, while a host-based IDPS secures a specific device or host.

  4. How does a signature-based IDPS differ from a behavior-based IDPS?

A signature-based IDPS is fed with the identifying patterns of specific known threats, while a behavior-based IDPS holds specifications of threat behavior, observes activity and responds according to those specifications.

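Added example (not part of the original answers): the two detection approaches from questions 2 and 4 run over a handful of constructed web-server log lines, with a constructed ground truth so that each detector's false positives and false negatives can be counted. The signature list, the request-rate baseline and the log lines are all assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed access-log lines ("source-ip method path"); not captured from a real server.
LOG_LINES = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.9 GET /search?q=test",
    "10.0.0.9 GET /../../etc/passwd",   # matches a known-threat signature
    "10.0.0.7 GET /.env",               # probing client: no signature covers these paths
    "10.0.0.7 GET /.git/config",
    "10.0.0.7 GET /backup.zip",
    "10.0.0.7 GET /admin/",
    "10.0.0.7 GET /config.bak",
    "10.0.0.3 GET /report.pdf",         # legitimate client fetching one file repeatedly
    "10.0.0.3 GET /report.pdf",
    "10.0.0.3 GET /report.pdf",
    "10.0.0.3 GET /report.pdf",
    "10.0.0.3 GET /report.pdf",
    "10.0.0.3 GET /report.pdf",
]

# Constructed ground truth: lines 3 to 8 are hostile, the rest are benign.
THREAT_INDICES = {3, 4, 5, 6, 7, 8}

# Signature-based: a deliberately small list of known-threat patterns (assumed, not a real ruleset).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "passwd-file": re.compile(r"/etc/passwd"),
}


def signature_alerts(lines):
    """Return {line_index: signature_name} for each line whose path matches a known pattern."""
    alerts = {}
    for i, line in enumerate(lines):
        path = line.split(" ", 2)[2]
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts[i] = name
                break
    return alerts


def behavior_alerts(lines, max_requests_per_source=4):
    """Return the line indices of every source that exceeds the expected request baseline."""
    counts = Counter(line.split(" ", 1)[0] for line in lines)
    noisy = {src for src, n in counts.items() if n > max_requests_per_source}
    return {i for i, line in enumerate(lines) if line.split(" ", 1)[0] in noisy}


def evaluate(flagged_indices, threat_indices=THREAT_INDICES):
    """Count true positives, false positives (alert, no threat) and false negatives (threat, no alert)."""
    flagged = set(flagged_indices)
    return {
        "true_positive": len(flagged & threat_indices),
        "false_positive": len(flagged - threat_indices),
        "false_negative": len(threat_indices - flagged),
    }


if __name__ == "__main__":
    print("signature:", evaluate(signature_alerts(LOG_LINES)))
    print("behavior: ", evaluate(behavior_alerts(LOG_LINES)))
```

On this sample the signature detector raises no false positives but misses the whole probing sequence (five false negatives), while the behavior detector catches the probe but also flags the legitimate download burst (six false positives). Raising `max_requests_per_source` trades those false positives for false negatives, which is the sensitivity tuning an operator does in practice.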
  5. What is a monitoring (or SPAN) port? What is it used for?

A SPAN port replicates data from a network switch. It is used as a storage device for an IDPS.

  6. List and describe the three control strategies proposed for IDPS control.

An IDPS has different control strategies for its control mechanisms, namely fully distributed, partially distributed and centralized control strategies.

  7. What is a honeypot? How is it different from a honeynet?

When different honeypots work together in a network to secure a system, it is referred to as a honeynet. A honeypot diverts towards itself threats that were directed at the network.

  8. How does a padded cell system differ from a honeypot?

When a honeypot is suspected to be less secure, it is improved and then called a padded cell system.

  9. What is network footprinting? What is network fingerprinting? How are they related?

Footprinting is done to get information about the domains owned by an organization on the internet. Fingerprinting is the next level of footprinting, which also gathers information about the resources utilized by an organization that has already been footprinted.

  10. Why do many organizations ban port scanning activities on their internal networks?

Internet service providers do not consider themselves responsible for external attacks that are performed via port scanning techniques. Therefore, organizations ban port scanning to secure themselves from such threats.

  11. Why would ISPs ban outbound port scanning by their customers?

Customers might want to carry out attacks by port scanning. This is why ISPs might ban it.

  12. What is an open port? Why is it important to limit the number of open ports to only those that are absolutely essential?

An open port is one on which a service accepts traffic, for example over TCP. Ports should be configured so that they are ready to identify external threats.
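Added example (not from the original answers): one way to audit which ports are open on a host against the short list of ports it actually needs. The listening-socket table below is constructed in the `ss -ltn` layout rather than captured from a real machine, and the allow-list of "essential" ports is an assumption for the illustration.

```python
# Constructed `ss -ltn`-style listener table (not output from a real host).
SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128      0.0.0.0:22           0.0.0.0:*
LISTEN  0       511      *:443                *:*
LISTEN  0       4096     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128      [::]:22              [::]:*
LISTEN  0       50       0.0.0.0:3306         0.0.0.0:*
"""

# Hypothetical allow-list: the only ports this host is supposed to expose.
ESSENTIAL_PORTS = {22, 443}

# Addresses that are reachable from the host itself only.
LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(text):
    """Return [(address, port), ...] for every LISTEN row; the header row is skipped."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")   # split on the last ':' so IPv6 works
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def unexpected_ports(text, allowed=ESSENTIAL_PORTS):
    """Open ports outside the allow-list, split by whether they are reachable off-host.

    A port bound only to a loopback address is lower risk than one bound to
    0.0.0.0, * or [::], which accept connections from any interface.
    """
    exposed, local_only = set(), set()
    for addr, port in parse_listeners(text):
        if port in allowed:
            continue
        (local_only if addr in LOOPBACK else exposed).add(port)
    return {"exposed": sorted(exposed), "local_only": sorted(local_only - exposed)}


if __name__ == "__main__":
    print(unexpected_ports(SS_OUTPUT))
```

Run against the sample table, the check reports port 3306 as exposed to the network and port 631 as open but bound to loopback only, which is the split a reviewer needs before deciding which service to disable or firewall.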

  13. What is a vulnerability scanner? How is it used to improve security?

Vulnerability scanners keep a check on open ports and assess their vulnerability to external threats. They are used to improve security because they identify poorly prepared ports.

  14. What is the difference between active and passive vulnerability scanners?

Active vulnerability scanners can initiate network traffic, while passive scanners cannot.

  15. What kind of data and information can be found using a packet sniffer?

In every network, packets travel all around. A packet sniffer can be utilized to monitor these packets.

  16. What capabilities should a wireless security toolkit include?

A wireless security toolkit must be able to manage the confidentiality and privacy of the wireless network.

  17. What is biometric authentication? What does the term biometric mean?

Biometric comes from the biological aspects of a human; it means measuring the physical characteristics of human beings. These physical aspects, such as retina scans or fingerprints, are used in security clearance processes.

  18. Are any biometric recognition characteristics considered more reliable than others? Which are the most reliable?

Retina scanning is considered one of the most reliable biometric recognition tools.

  19. What is a false reject rate? What is a false accept rate? What is their relationship to the crossover error rate?

The false reject rate is the rate at which authentic users are denied access, while the false accept rate is the rate at which non-authentic users are granted access and identified as authentic. Both measures are used with the crossover error rate to configure system sensitivity.
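Added example (not part of the original answers) showing how the three rates relate numerically. The matcher scores for genuine users and impostors are constructed values, not measurements from a real biometric system; the accept-if-score-at-or-above-threshold rule and the 0.01 threshold step are assumptions for the illustration.

```python
# Constructed matcher scores in [0, 1]; higher means "more like the enrolled template".
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.72, 0.68, 0.64, 0.55]
IMPOSTOR_SCORES = [0.61, 0.58, 0.52, 0.49, 0.45, 0.40, 0.37, 0.33, 0.28, 0.21]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (FRR, FAR) when a sample is accepted iff its score >= threshold.

    FRR: share of genuine users rejected (score below threshold).
    FAR: share of impostors accepted (score at or above threshold).
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES, steps=100):
    """Sweep thresholds and return (threshold, CER) at the point where FRR and FAR meet.

    The crossover error rate is the common value of FRR and FAR at that threshold;
    a lower CER means the matcher separates genuine users from impostors better.
    """
    best = None
    for k in range(steps + 1):
        t = k / steps
        frr, far = error_rates(t, genuine, impostor)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, t, cer = best
    return t, cer


def threshold_for_far(max_far, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES, steps=100):
    """Lowest threshold whose FAR stays within max_far, together with the FRR it costs.

    Tightening the accepted FAR (more security) raises the threshold and therefore
    the FRR (more legitimate users rejected): the sensitivity trade-off in one call.
    """
    for k in range(steps + 1):
        t = k / steps
        frr, far = error_rates(t, genuine, impostor)
        if far <= max_far:
            return t, frr
    return 1.0, 1.0


if __name__ == "__main__":
    print("crossover (threshold, CER):", crossover())
    print("threshold for FAR = 0 (threshold, FRR):", threshold_for_far(0.0))
```

With these scores the two curves cross at a threshold of 0.59, where FRR = FAR = 10%, so the CER is 0.1; pushing the FAR down to zero means moving the threshold to 0.62, which still rejects one genuine user in ten.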

  20. What is the most widely accepted biometric authorization technology? Why do you think this technology is acceptable to users?

Signatures are the most widely accepted biometric authorization technology in the world, in my opinion. They are widely accepted due to ease of availability.

  21. What is the most effective biometric authorization technology? Why do you think this technology is deemed to be most effective by security professionals?

Any biometric recognition that can most effectively differentiate between human physical attributes would be the most effective. At present, the iris is considered the most effective biometric authentication technology.

Whitman, M. and Mattord, H. (2011). Principles of Information Security, 4th Edition. Independence, KY: Cengage Learning.