Ayesha Rajbhandari

CH 7

1. A key feature of a hybrid IDPS system is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

→ IDPS stands for Intrusion Detection and Prevention System.

Compression: it reduces multiple occurrences of the same event into a single event when that event occurs more than once. This lets the engineers or analysts see that the event is repeating without having to look at every instance.

 

Suppression: it allocates a priority to each alarm. When a higher-priority alarm exists, the lower-priority alarm is hidden.

 

Generalization: events can be grouped into one class, and alarms are associated with this superclass rather than associating a specific alarm with each event.
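As an added illustration that is not part of the original answer, here are the three correlation steps applied in Python to a constructed batch of alerts; the alert fields, sensor names and the event-to-superclass mapping are assumptions, not taken from any real product.

```python
from collections import Counter, defaultdict

# Constructed sample alerts, as an IDPS correlation engine might receive them.
ALERTS = [
    {"sensor": "nids-1", "event": "port_scan", "src": "10.0.0.5", "severity": 3},
    {"sensor": "nids-1", "event": "port_scan", "src": "10.0.0.5", "severity": 3},
    {"sensor": "nids-1", "event": "port_scan", "src": "10.0.0.5", "severity": 3},
    {"sensor": "hids-7", "event": "failed_login", "src": "10.0.0.5", "severity": 2},
    {"sensor": "hids-7", "event": "failed_login", "src": "10.0.0.5", "severity": 2},
    {"sensor": "hids-7", "event": "privilege_escalation", "src": "10.0.0.5", "severity": 5},
    {"sensor": "nids-2", "event": "port_scan", "src": "10.0.0.9", "severity": 3},
]

# Hypothetical mapping from specific events to a superclass (an assumption).
SUPERCLASS = {
    "port_scan": "reconnaissance",
    "failed_login": "credential_attack",
    "privilege_escalation": "host_compromise",
}


def compress(alerts):
    """Compression: collapse repeated identical events into one event carrying a count."""
    counts = Counter((a["sensor"], a["event"], a["src"], a["severity"]) for a in alerts)
    return [
        {"sensor": s, "event": e, "src": src, "severity": sev, "count": n}
        for (s, e, src, sev), n in counts.items()
    ]


def suppress(alerts):
    """Suppression: per source, hide alerts ranked below the highest severity seen."""
    top = defaultdict(int)
    for a in alerts:
        top[a["src"]] = max(top[a["src"]], a["severity"])
    return [a for a in alerts if a["severity"] == top[a["src"]]]


def generalize(alerts):
    """Generalization: one alarm per (source, superclass) instead of one per specific event."""
    grouped = defaultdict(int)
    for a in alerts:
        grouped[(a["src"], SUPERCLASS.get(a["event"], "other"))] += a.get("count", 1)
    return [{"src": src, "class": cls, "events": n} for (src, cls), n in sorted(grouped.items())]


if __name__ == "__main__":
    compressed = compress(ALERTS)          # 7 raw alerts become 4
    print("compressed:", compressed)
    print("suppressed:", suppress(compressed))   # only the top-severity alert per source
    print("generalized:", generalize(compressed))  # alarms by superclass
```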

 

2. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

→ ZoneAlarm is a brand of security software developed by Zone Labs and Check Point Software Technologies. Zone Labs offers a variety of IDS features in products such as ZoneAlarm Internet Security Suite, ZoneAlarm Pro Antivirus + Firewall and ZoneAlarm Pro Firewall. If these products are installed on the system, their IDS features will alert the user if any unauthorized changes are made to the system.

 

3. Using the internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

→ The classifications of intrusion detection systems are host-based IDS, network-based IDS and hybrid IDS. The classification is further divided on the basis of the detection method the intrusion detection system uses, and these are:

· Expert systems
· Signature analysis
· State transition
· Petri nets
· Statistical-based IDS
· Data mining
· Expert system IDS

Comparison spreadsheet:

Name                             | Type | OS             | License    | Based on
---------------------------------+------+----------------+------------+---------------
CSP Alert-Plus                   | HIDS | Windows        | Commercial | Rule based
eEye Retina                      | HIDS | Windows        | Commercial | Rule based
GFI EventsManager                | HIDS | Windows        | Commercial | Rule based
Tripwire Enterprise              | HIDS | Windows        | Commercial | Rule based
ArcSight                         | NIDS | N/A            | Commercial | Behavior based
IBM RealSecure Server Sensor     | HIDS | Windows        | Commercial | Rule based
McAfee Host Intrusion Prevention | HIDS | Linux, Windows | Commercial | Rule based

 

4. Use the internet to search for “live DVD security toolkit”. Read a few web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

→ The live DVD security toolkit was designed to provide easy access to open-source network security applications. It provides security professionals and network administrators with a comprehensive set of open-source network security tools. Web developers can also use its JavaScript console, which has a built-in object library with functions that aid the development of dynamic web pages. The disc carries many security and utility tools, and it helps to identify where in a network a security audit can be carried out.

5. Several online passphrase generators are available. Locate at least two on the internet and try them. What did you observe?

→

1. http://passwordsgenerator.net/

Observations:

· can set varied lengths of passphrases
· can generate only 1 password at a time
· lists practices to protect the password and make it stronger
· has options to include special characters to make the passwords stronger

2. https://www.random.org/paasswords/

Observations:

· can generate up to 100 passwords at a time
· can specify up to 100 passwords at a time
· can add our own identifier to the passwords
· no special characters or non-alphanumeric characters in the generated passwords
· passwords can be 6-24 characters in length