Post 2-5

Rae2021

Direction: each question has to be answered in 100 words with its own citation.

Packet Analysis

Topic 2: Understanding Signature Analysis

A signature is a set of characteristics such as IP numbers and options, TCP flags, and port numbers. Suspicious TCP/IP packets fall into several categories: Bad header information, suspicious data payload, single packet attacks, and multiple packet attacks. Describe and provide one example of one of these.

Packet Analysis

Topic 2a: Suspicious Network Events

You can identify a variety of suspicious network events including orphaned packets, land attacks, local host spoofs, falsified protocol numbers, and illegal combination of TCP flags. In your own words, clearly define any one of these.
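As an added example (not part of the assignment text), the Python below turns the five events just listed into signature checks run over constructed packet records; the packet dict layout, the KNOWN_PROTOCOLS allowlist and the `established` flow set are assumptions standing in for what a real sensor would decode from the wire and keep in its connection table.

```python
import ipaddress

# TCP flag bits in header order (RFC 9293)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# IP protocol numbers this sensor expects to see (assumed allowlist; tune per network)
KNOWN_PROTOCOLS = {1, 2, 6, 17, 41, 47, 50, 51, 58, 89, 132}

def conn_key(pkt):
    """Direction-independent flow key used by the orphaned-packet check."""
    return frozenset({(pkt["src"], pkt.get("sport")), (pkt["dst"], pkt.get("dport"))})

def check_packet(pkt, established=frozenset()):
    """Return the Topic 2a signature names matching one decoded packet (a dict of
    header fields); 'established' stands in for the sensor's connection table."""
    hits = []
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    # Land attack: identical source/destination address and port, so the victim answers itself.
    if src == dst and pkt.get("sport") == pkt.get("dport"):
        hits.append("land_attack")
    # Local host spoof: a loopback source address that arrived over a real interface.
    if src.is_loopback and not pkt.get("on_loopback_iface", False):
        hits.append("localhost_spoof")
    # Falsified protocol number: IP protocol field outside the expected set.
    if pkt["proto"] not in KNOWN_PROTOCOLS:
        hits.append("falsified_protocol")
    if pkt["proto"] == 6:  # TCP-only checks
        flags = pkt.get("flags", 0)
        # Illegal flag combinations: SYN together with FIN or RST, or no flags at all.
        if (flags & SYN and flags & (FIN | RST)) or flags == 0:
            hits.append("illegal_tcp_flags")
        # Orphaned packet: mid-stream segment (ACK, no SYN) for a flow never seen opening.
        if flags & ACK and not flags & SYN and conn_key(pkt) not in established:
            hits.append("orphaned_packet")
    return hits

# Constructed sample traffic: one packet per event type plus a benign control.
SAMPLE_PACKETS = {
    "land": {"src": "10.0.0.5", "dst": "10.0.0.5", "proto": 6, "sport": 139, "dport": 139, "flags": SYN},
    "spoof": {"src": "127.0.0.1", "dst": "10.0.0.7", "proto": 17, "sport": 53, "dport": 5353},
    "badproto": {"src": "203.0.113.9", "dst": "10.0.0.7", "proto": 255},
    "synfin": {"src": "198.51.100.4", "dst": "10.0.0.7", "proto": 6, "sport": 40000, "dport": 22, "flags": SYN | FIN},
    "orphan": {"src": "198.51.100.4", "dst": "10.0.0.7", "proto": 6, "sport": 40001, "dport": 80, "flags": ACK | PSH},
    "benign": {"src": "10.0.0.8", "dst": "10.0.0.7", "proto": 6, "sport": 50000, "dport": 443, "flags": ACK},
}
ESTABLISHED = frozenset({conn_key(SAMPLE_PACKETS["benign"])})

def scan(packets=SAMPLE_PACKETS, established=ESTABLISHED):
    """Run every packet through the signatures; returns {name: [matching signatures]}."""
    return {name: check_packet(pkt, established) for name, pkt in packets.items()}
```

Each check here is a single-packet signature except the orphaned-packet one, which only works when the sensor tracks which flows it saw open; that is why the example carries the `established` set alongside the packet.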

Deploying a HIPS

Topic 3: Threats Posed by Known Exploits

One of the factors to consider when deciding whether or not to deploy a host IPS on a system is to look at the type of operating system and applications used on the system. Are there any known exploits for this operating system and any of the applications used on those systems? Search the Internet and provide one example of each of these. Do not repeat what has already been posted by other students.

Deploying a HIPS

Topic 3a: Signature Tuning

Most IPS devices provide a single default configuration or multiple default configurations. What are false positives? Why is it important to tune your IPS so that it does not generate false positives on your network? In your own words, clearly distinguish any two of these.

HIPS Capabilities

Topic 4: Blocking Malicious Code Activities

A host intrusion prevention system must be able to do more than generate an alert or log malicious code attacks on a host. Search the Internet and describe one type of malicious code attack. Do not repeat what has already been posted by other students.

HIPS Capabilities

Topic 4a: Life Cycle of an Attack

To be successful, attacks must be accomplished through an ordered set of tasks: Probe, penetrate, persist, propagate, and paralyze. In your own words, clearly distinguish any two of these.

Goal of an IDPS

Topic 5: Signature Detection

There are three primary detection methodologies: Signature detection, anomaly detection, and stateful protocol analysis. In your own words, what is signature detection all about? Provide a credible source to support your answer.

Goal of an IDPS

Topic 5a: Discuss signature detection systems

There are three primary detection methodologies: Signature detection, anomaly detection, and stateful protocol analysis. In your own words, what is the difference between anomaly detection and stateful protocol analysis?