Adrian Leal

Shin-Ping Tucker

ITS 370

Chapter 7

 

1.       A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

Event correlation is a technique for making sense of a large number of events and pinpointing the few that really matter within that mass of information. This is accomplished by looking for and analyzing relationships between events. The goal of integrated management is to manage networks (data, telephone, and multimedia), systems (servers, databases, and applications), and IT services in a coherent manner.

Compression is the removal of redundant or inconsequential events so that the resulting dataset is smaller; for example, many identical repeated events from the same source collapse into a single event carrying a count.

Suppression is the ability of a correlation engine to suppress false positive triggers from raising an unwarranted alarm.

Generalization is the ability to extrapolate a known exploit signature into a general-purpose alert.
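The three terms are easiest to see on data. The script below is an added illustration written for this answer, not code from any IDPS product or from the sources consulted; the event records, signature IDs (SIG-1001 and so on), the suppression rule, and the signature-to-class mapping are all constructed for the example. It takes a list of raw sensor events, compresses repeats into counted records, suppresses events that a rule marks as a known false positive (an authorized scanner host), and then generalizes the surviving specific signatures into broad alert classes per source host.

```python
"""Event correlation toy: compression, suppression, generalization.

Added example for the definitions above. All events, signature IDs and
rules are constructed for illustration and do not come from a real IDPS.
"""
from collections import defaultdict

# Constructed raw events, as a hybrid IDPS might receive them from sensors.
RAW_EVENTS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SIG-2001", "msg": "SQL injection in query string"},
    {"ts": 2, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SIG-2001", "msg": "SQL injection in query string"},
    {"ts": 3, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SIG-2001", "msg": "SQL injection in query string"},
    {"ts": 4, "src": "10.0.0.5", "dst": "10.0.1.20", "sig": "SIG-2002", "msg": "Directory traversal in URL"},
    {"ts": 5, "src": "10.0.0.9", "dst": "10.0.1.20", "sig": "SIG-3001", "msg": "Port scan detected"},
    {"ts": 6, "src": "10.0.0.9", "dst": "10.0.1.21", "sig": "SIG-3001", "msg": "Port scan detected"},
    {"ts": 7, "src": "10.0.0.7", "dst": "10.0.1.22", "sig": "SIG-1001", "msg": "SSH login failure"},
]

# Suppression rule (constructed): 10.0.0.9 is the authorized vulnerability
# scanner, so its port-scan events are a known false positive.
SUPPRESSION_RULES = [{"src": "10.0.0.9", "sig": "SIG-3001"}]

# Generalization map (constructed): specific signature -> general alert class.
GENERAL_CLASS = {
    "SIG-2001": "web-application-attack",
    "SIG-2002": "web-application-attack",
    "SIG-1001": "authentication-failure",
    "SIG-3001": "reconnaissance",
}


def compress(events):
    """Collapse repeated (src, dst, sig) events into one record with a count
    and the first/last timestamp seen."""
    groups = {}
    for e in events:
        key = (e["src"], e["dst"], e["sig"])
        if key not in groups:
            groups[key] = dict(e, count=0, first_ts=e["ts"], last_ts=e["ts"])
        g = groups[key]
        g["count"] += 1
        g["last_ts"] = max(g["last_ts"], e["ts"])
    return sorted(groups.values(), key=lambda g: g["first_ts"])


def suppress(events, rules):
    """Drop events matching any known-false-positive rule.
    Returns (kept_events, number_dropped)."""
    def matches(event, rule):
        return all(event.get(k) == v for k, v in rule.items())
    kept = [e for e in events if not any(matches(e, r) for r in rules)]
    return kept, len(events) - len(kept)


def generalize(events, mapping):
    """Roll specific signatures up into general alert classes per source host."""
    alerts = defaultdict(lambda: {"count": 0, "signatures": set()})
    for e in events:
        klass = mapping.get(e["sig"], "unclassified")
        a = alerts[(e["src"], klass)]
        a["count"] += e.get("count", 1)
        a["signatures"].add(e["sig"])
    return {k: {"count": v["count"], "signatures": sorted(v["signatures"])}
            for k, v in alerts.items()}


def correlate(events):
    """Full pipeline: compress, then suppress, then generalize."""
    compressed = compress(events)
    kept, dropped = suppress(compressed, SUPPRESSION_RULES)
    return {"compressed": compressed, "suppressed": dropped,
            "alerts": generalize(kept, GENERAL_CLASS)}


if __name__ == "__main__":
    result = correlate(RAW_EVENTS)
    print(f"{len(RAW_EVENTS)} raw events -> {len(result['compressed'])} after compression, "
          f"{result['suppressed']} suppressed as false positives")
    for (src, klass), a in result["alerts"].items():
        print(f"{src}: {klass} x{a['count']} ({', '.join(a['signatures'])})")
```

Running it turns seven raw events into five compressed records, suppresses the two scanner events, and leaves two general alerts: a web-application-attack alert for 10.0.0.5 (count 4, two distinct signatures) and an authentication-failure alert for 10.0.0.7. Order matters in practice: compressing before suppressing keeps the suppression rule cheap, and generalizing last means an analyst still sees the specific signatures that fed each general alert.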

 

2.       ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

ZoneAlarm offers a variety of products that are meant to protect your PC. They also offer mobile security since mobile devices are increasing in popularity. Some of their products with IDPS features are:

ZoneAlarm PRO FIREWALL 2017: Proactively protects against inbound and outbound cyber-attacks, monitors for suspicious behaviors on your PC, and shields your operating system even during start-up.

ZoneAlarm PRO ANTIVIRUS+ 2017: Antivirus software protects against malicious threats and attacks. A powerful two-way firewall blocks intruders and safeguards your data, identity, and online privacy.

ZoneAlarm EXTREME SECURITY 2017: Best antivirus software, including zero-day attack prevention. Total protection for your PCs, 100% virus-free guaranteed. Includes Find My Laptop, PC Tune-Up, Online Backup, Identity Protection Services, and more. https://www.zonealarm.com/software/

 

3.       Using the Internet, search for commercial IDPS systems. What classification systems and description are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

IDPS technologies may be classified according to three main parameters: (1) the methodology they employ to detect intrusions, namely signature-based detection, anomaly-based detection, or stateful protocol analysis; (2) the functionality they provide, which ultimately differentiates passive systems (IDSs) from reactive systems (IPSs); and (3) the type of events they monitor, which is closely related to the type of system they guard: a wired network, a wireless network, or a single host. In addition to these, a fourth type of IDPS may be identified, known as Network Behavior Analysis (NBA) IDPS. These parameters give the columns of a comparison spreadsheet, with one row per product. As one commercial example, GFI Events Manager is a network-wide event log monitoring solution that automatically analyzes and archives logs from a variety of machines, devices, and systems such as Windows servers and workstations, firewalls, routers, SQL Server and Oracle databases, and IIS, SharePoint, and Exchange servers. It is a very efficient tool for assessing the security and health of your network systems.

 

4.       Use the Internet to search for "live DVD security toolkit." Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit you find.

Network Security Toolkit: Welcome to the Network Security Toolkit (NST). This bootable ISO live DVD/USB Flash Drive (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis validation and monitoring tool on enterprise virtual servers hosting virtual machines. http://www.networksecuritytoolkit.org/nst/index.html

 

5.       Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe?

Xkcd Password Generator: It's a novel idea, but xkcd stops short of actually recommending such passwords, and so will I. Use at your own peril! I'm not responsible for anything that happens as a result of your password choice. http://preshing.com/20110811/xkcd-password-generator/

Secure Password Generator: This site lets you personalize your password by length, symbols, numbers, uppercase and lowercase letters, and other characteristics you would like to include. https://passwordsgenerator.net/

Untroubled: This site allows the user to decide the number of words the passphrase must contain. It also offers the possibility to set the minimum and maximum length of the passphrase, to capitalize letters, and to include numbers. https://untroubled.org/pwgen/ppgen.cgi
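What these generators have in common is that they pick words uniformly at random from a list and let the user constrain word count, length, capitalization, and digits. The script below is an added example written for this answer, not code from any of the three sites; it reproduces those options with Python's CSPRNG-backed `secrets` module and reports the entropy of the result, which depends on the size of the word list and the number of words, not on the number of characters. The word list is a constructed 16-word sample; a real list should have thousands of entries.

```python
"""Passphrase generator with the options seen on the sites above.

Added example, not code from the linked sites. WORDS is a constructed sample
list; entropy is governed by its size, so a real list must be much larger.
"""
import math
import secrets

# Constructed sample word list (16 entries -> 4 bits per word).
WORDS = ["correct", "horse", "battery", "staple", "orbit", "maple", "quartz", "velvet",
         "canyon", "lantern", "pepper", "glacier", "harbor", "meadow", "nickel", "saddle"]


def passphrase_entropy_bits(words_available, n_words):
    """Entropy in bits of choosing n_words uniformly, with replacement,
    from a list of words_available entries: n_words * log2(list size)."""
    return n_words * math.log2(words_available)


def generate(n_words=4, min_len=0, max_len=None, capitalize=False,
             add_digit=False, words=WORDS, rng=secrets):
    """Build a passphrase from uniformly chosen words using a CSPRNG.

    Length constraints are enforced by rejection sampling. Note that every
    rejected candidate removes possible outputs, so tight min_len/max_len
    settings lower the real entropy below passphrase_entropy_bits().
    """
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    if max_len is not None and min_len > max_len:
        raise ValueError("min_len must not exceed max_len")
    for _ in range(1000):
        chosen = [rng.choice(words) for _ in range(n_words)]
        if capitalize:
            chosen = [w.capitalize() for w in chosen]
        phrase = "-".join(chosen)
        if add_digit:
            # One trailing digit adds only log2(10) ~ 3.3 bits.
            phrase += str(rng.randbelow(10))
        if len(phrase) >= min_len and (max_len is None or len(phrase) <= max_len):
            return phrase
    raise RuntimeError("length constraints cannot be satisfied with this word list")


if __name__ == "__main__":
    bits = passphrase_entropy_bits(len(WORDS), 4)
    print(f"4 words from {len(WORDS)}: about {bits:.1f} bits")
    print(generate(4))
    print(generate(4, capitalize=True, add_digit=True))
    print(generate(5, min_len=30, max_len=40))
```

With the 16-word sample list, four words give only 16 bits, which is why the word-list size matters far more than the capitalization or digit options these sites offer: a 7,776-word diceware-style list gives about 12.9 bits per word, so the same four-word phrase would carry roughly 52 bits.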