Chapter 7 Review Questions/Answers

  1. What common security system is an IDPS most like? In what ways are these systems similar?

IDPS is most like to a home burglar’s alarm. There is a specific set of instructions on IDPS that tells it to detect and prevent an outside attack.

  1. How does a false positive alarm differ from a false negative one? From a security perspective, which is least desirable?

False positive alarm is when an IDPS reacts to a threat that did not happen while a false negative alarm is when an IDPS fails to react to an actual threat or attack. False positive is least desirable because it make the system administrator less sensitive and they might not respond to an actual threat.

  1. How does a network-based IDPS differ from a host-based IDPS?

A network based IDPS is to protect a whole network while a host based IDPS protects a computer or any other specific host.

  1. How does a signature-based IDPS differ from a behavior-based IDPS?

A signature based IDPS is the one that is able to correspond to already established and databased threats. While the behavior based IDPS makes a decision about a threat based on a combination of instructions in its database.

  1. What is a monitoring (or SPAN) port? What is it used for?

It is a data port or a device that has the capability to capture and replicate from the switching device that it is attached to. It stores data for IDPS to analyze.

  1. List and describe the three control strategies proposed for IDPS control.

Three strategies are centralized, partially distributed and fully distributed IDPS controls.

  1. What is a honeypot? How is it different from a honeynet?

Honeypot are systems that are used to protect critical system. They function as decay systems and divert threats towards themselves from the critical systems. A combination of honeypots can be called a honeynet.

  1. How does a padded cell system differ from a honeypot?

Padded cell system is an improved and more secure honeypot that cannot be easily broken by external threats.

  1. What is network footprinting? What is network fingerprinting? How are they related?

The strategy in which an organized effort is made to locate the internet addresses or domains owned/controlled by an organization. Fingerprinting is the next stage of footprinting in which the resources and addresses of the target organization are ascertained.

  1. Why do many organizations ban port scanning activities on their internal networks?

Port scanning could be done by attackers to prepare their attacks on the organizational networks. Organizations ban port scanning because ISPs do not take responsibility for any attacks that are done via port scanning.

  1. Why would ISPs ban outbound port scanning by their customers?

ISPs ban outbound port scanning because this may be done to prepare attacks which might cause legal difficulties for the ISP.

  1. What is an open port? Why is it important to limit the number of open ports to only those that are absolutely essential?

Open port is a TCP that accepts traffic provides different services at port address. Ports should not be left ill configured and only used when necessary.

  1. What is a vulnerability scanner? How is it used to improve security?

This is a form of a software application that is utilized to check and monitor network ports that are kept open for different services.

  1. What is the difference between active and passive vulnerability scanners?

An active scanner has the capacity to initiate network traffic while a passive scanner utilizes traffic that is already in action.

  1. What kind of data and information can be found using a packet sniffer?

It can be used to collect and monitor the packets that travel over a network. It will show encryptions and also text transmission to the administrator of a network.

  1. What capabilities should a wireless security toolkit include?

It must be capable of scanning wireless hosts and manage the privacy and confidentiality that the wireless network allows.

  1. What is biometric authentication? What does the term biometric mean?

It is a form of identification that uses one or more physical human attributes to confirm security clearance. The term biometric mean to measure the physical characteristic of a person.

  1. Are any biometric recognition characteristics considered more reliable than others?

Which are the most reliable?

Definitely, some biometric recognitions are more reliable than others. The most commonly used are retina and fingerprint identifications.

  1. What is a false reject rate? What is a false accept rate? What is their relationship to the crossover error rate?

False reject rate is the percentage with which authentic users are denied access while false acceptance rate is the percentage with which non authentic users are identified as authentic. Crossover error rate is the value of false rejection rate and false acceptance rate at which the system sensitivity is configured.

  1. What is the most widely accepted biometric authorization technology? Why do you think this technology is acceptable to users?

Signatures are stored in a databased and compared when required and they are most widely used biometric authentication technology in the world.

  1. What is the most effective biometric authorization technology? Why do you think this technology is deemed to be most effective by security professionals?

Iris recognition is the most effective biometric authentication technology. Iris is a human physical characteristic that has the most unique patterns from person to person.