Chapter 7



1.       A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

o   Compression is the degree to which redundant or inconsequential data can be removed to compress the resulting dataset.

o   Suppression is the ability of a correlation engine to suppress false positive triggers from raising an unwarranted alarm.

o   Generalization is the ability to extrapolate a known exploit signature into a general purpose alert

These are the definitions for those words used in the process for hybrid IDPS.


2.       ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

The product specifications for the IDPS features of ZoneAlarm 2015 include IDPS features are:

· ZoneAlarm® 2015 PRO Antivirus + Firewall.


· ZoneAlarm® 2015 Internet Security Suite.


· ZoneAlarm® 2015 Extreme Security


These are the different products from ZoneAlarm that offer these features. It is a good deal to have them because they are worth the money.

3.       Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

IDPS technologies may be classified based on different parameters, namely: the methodologies they employ to detect intrusions: signature-based detection, anomaly-based detection and stateful protocol analysis. The functionalities they provide ultimately differentiate passive systems (IDSs) from re-active systems (IPSs). The type of events they monitor, which are closely related to the type of systems they guard: a wired network, a wireless network or a single host. In addition to these, a fourth type of IDPS may be identified, which is known as Network Behavior Analysis (NBA) IDPS.


4.       Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

Network Security Toolkit (NST) is a Linux-based Live DVD/USB Flash Drive that provides a set of free and open-source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. it is based on fedora The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. 


5.       Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe?

Pass Creator, Automated Password Generator, Password Boy, Random PasswordGenerator, Strong Password Generator are some of online passphrase generators available. Length of the password can be changed. We see an option include symbols, numbers, lowercase and uppercase. Plus there is algorithm to generate passphrase as Pronounceable or completely random which is hard to crack. Many people find phrases in their mother tongue, even if complete nonsense, easier to remember and type than passwords consisting of arbitrary letters and numbers. Of course, since only a minority of sequences of letters are words in a given language, the information density or entropy of such keys is lower, and consequently a phrase must be substantially longer than a meaningless key to be equally difficult to guess.