Bailey Johnson

ITS 370

CH7

 

1. A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

Compression is the degree to which redundant or inconsequential data can be removed to compress the resulting dataset.

Suppression is the ability of a correlation engine to suppress false positive triggers from raising an unwarranted alarm.

Generalization is the ability to extrapolate a known exploit signature into a general-purpose alert.
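The three terms above applied in sequence to a handful of alerts, as an added example that is not part of the original answer. The alert records, the allowlisted scanner address and the signature-to-class mapping are all constructed assumptions, and the roll-up by attack family is one simple reading of generalization.

```python
from collections import Counter

# Constructed sample alerts (sensor, signature, source IP); not from any real IDPS.
ALERTS = [
    ("nids", "SQLi: UNION SELECT in URI", "203.0.113.7"),
    ("nids", "SQLi: UNION SELECT in URI", "203.0.113.7"),
    ("nids", "SQLi: UNION SELECT in URI", "203.0.113.7"),
    ("hids", "SQLi: tautology OR 1=1", "203.0.113.7"),
    ("nids", "Port scan: SYN sweep", "10.0.0.50"),
    ("nids", "XSS: <script> in parameter", "198.51.100.9"),
]

# Assumption: 10.0.0.50 is the organisation's authorised vulnerability scanner.
KNOWN_BENIGN_SOURCES = {"10.0.0.50"}

# Assumption: signature names start with an attack-family prefix before ':'.
GENERAL_CLASS = {
    "SQLi": "Injection attempt",
    "XSS": "Injection attempt",
    "Port scan": "Reconnaissance",
}

def compress(alerts):
    """Compression: collapse redundant identical alerts into one record with a count."""
    return list(Counter(alerts).items())

def suppress(counted):
    """Suppression: drop triggers known to be false positives before they raise an alarm."""
    return [(a, n) for a, n in counted if a[2] not in KNOWN_BENIGN_SOURCES]

def generalize(counted):
    """Generalization: roll specific signatures up into one general-purpose alert per source."""
    rolled = Counter()
    for (_sensor, sig, src), n in counted:
        family = sig.split(":", 1)[0]
        rolled[(GENERAL_CLASS.get(family, "Unclassified"), src)] += n
    return dict(rolled)

def correlate(alerts):
    """Run the three stages in order: compress, then suppress, then generalize."""
    return generalize(suppress(compress(alerts)))

if __name__ == "__main__":
    for (label, src), n in correlate(ALERTS).items():
        print(f"{label} from {src}: {n} underlying event(s)")
```

Six raw alerts become two alarms here, and the per-alarm count keeps the volume information that compression would otherwise hide.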

2. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

ZoneAlarm Pro Antivirus and Firewall, ZoneAlarm Internet Security Suite, and ZoneAlarm Extreme Security 2013 all include IDPS features.

3. Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

IDPS technologies may be classified based on different parameters, namely: the methodologies they employ to detect intrusions (signature-based detection, anomaly-based detection and stateful protocol analysis); the functionalities they provide, which ultimately differentiate passive systems (IDSs) from reactive systems (IPSs); and the type of events they monitor, which are closely related to the type of systems they guard: a wired network, a wireless network or a single host. In addition to these, a fourth type of IDPS may be identified, which is known as Network Behavior Analysis (NBA) IDPS.

4. Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

It’s an easily downloadable toolkit that provides open source network security applications, such as a web user interface, navigation, automation, network monitoring, host geolocation, network analysis and configuration of other network and security applications.

5. Several online passphrase generators are available. Locate at least two on the Internet and try them. What do you observe?

Pass Creator, Automated Password Generator, Password Boy, Random Password Generator and Strong Password Generator are some of the online passphrase generators available. The length of the password can be changed. We see an option to include symbols, numbers, lowercase and uppercase. Plus, there is an algorithm to generate the passphrase as pronounceable or completely random, which is hard to crack.