Tanner Carlson

ITS 370



1.      A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in the process: compression, suppression and generalization.

According to ComputerWorld, compression takes multiple occurrences of the same event, examines them for duplicate information, removes the redundancies and reports them as a single event. ComputerWorld defines suppression as associating priorities with alarms and letting the system suppress an alarm for a lower-priority event if a higher-priority event has occurred. Generalization associates alarms with some higher-level event, which is what gets reported, according to ComputerWorld. Generalization is useful because, when a switch or router fails, it correlates the separate events from that device's multiple ports into a single higher-level event.
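As an added illustration (not part of the assignment), the following Python sketch applies the three operations in sequence to a constructed batch of IDPS alerts; the alert fields, the "lower number means higher priority" convention and the link_down-to-device_failure roll-up rule are assumptions chosen for the example.

```python
"""Toy event correlator: compression -> suppression -> generalization."""
from collections import Counter, defaultdict

# Constructed sample alerts: (source, event kind, priority, detail).
# Priority convention assumed here: 1 is the most urgent, 3 the least.
ALERTS = [
    ("switch1", "link_down", 2, "port 3"),
    ("switch1", "link_down", 2, "port 3"),      # duplicate of the line above
    ("switch1", "link_down", 2, "port 3"),      # duplicate again
    ("switch1", "link_down", 2, "port 7"),
    ("switch1", "link_down", 2, "port 12"),
    ("host9", "port_scan", 1, "from 10.0.0.5"),
    ("host9", "port_scan", 1, "from 10.0.0.5"),  # duplicate
    ("host9", "failed_login", 3, "user bob"),
]

# Assumed generalization rule: kind -> (higher-level kind, minimum number of
# distinct alerts of that kind on one device before rolling them up).
GENERALIZE = {"link_down": ("device_failure", 3)}

def compress(alerts):
    """Compression: identical alerts collapse into one record with a count."""
    return [{"src": s, "kind": k, "prio": p, "detail": d, "count": n}
            for (s, k, p, d), n in Counter(alerts).items()]

def suppress(events):
    """Suppression: if a source has a higher-priority event, drop its
    lower-priority events so only the most urgent ones are reported."""
    best = {}
    for e in events:
        best[e["src"]] = min(best.get(e["src"], e["prio"]), e["prio"])
    return [e for e in events if e["prio"] == best[e["src"]]]

def generalize(events):
    """Generalization: enough low-level alerts on one device (e.g. several
    ports going down on the same switch) are reported as one higher-level event."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["src"], e["kind"])].append(e)
    out = []
    for (src, kind), members in groups.items():
        if kind in GENERALIZE and len(members) >= GENERALIZE[kind][1]:
            out.append({"src": src, "kind": GENERALIZE[kind][0],
                        "prio": min(m["prio"] for m in members),
                        "detail": f"{len(members)} {kind} alerts",
                        "count": sum(m["count"] for m in members)})
        else:
            out.extend(members)
    return out

def correlate(alerts):
    """Run the three stages in order and return the events an operator would see."""
    return generalize(suppress(compress(alerts)))
```

Running `correlate(ALERTS)` reduces the eight raw alerts to two reported events: one device_failure for switch1 covering five link_down alerts, and one port_scan for host9 (the failed_login is suppressed by the higher-priority scan).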

2.      ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

While most of the ZoneAlarm products available on zonelabs.com have some IDPS protection included, the product that I found to have the most IDPS protection is their Extreme Security package. This product comes with ZoneAlarm's most powerful antivirus, threat emulation, advanced firewall, identity protection, parental controls, a find-my-laptop feature, a PC tune-up feature and online backup. Through ZoneAlarm, threat traffic is monitored and blocked. This product works like a zoned firewall, because there are multiple layers.

3.      Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

There are six different classification systems used for IDPS. The intrusion detection approach distinguishes anomaly detection and signature detection. The protected system approach includes HIDS, NIDS, and hybrids of the two. The structure approach includes centralized systems, distributed systems and agent systems. The data source approach distinguishes audit trails, network packets and system state analysis. The behavior-after-attack approach distinguishes active IDS and passive IDS. The analysis timing approach distinguishes "on-the-fly" processing and interval-based IDS.

4.      Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

According to Wikipedia, Network Security Toolkit (NST) is a Linux-based Live DVD/USB flash drive that provides a set of free and open-source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. Essentially, this security toolkit is free and open source, which means that it most likely is not the most secure security system available. Since it is free, it attracts many users.

5.      Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe?

Based on looking at some passphrase generators, I found that many passphrases do not meet most websites' password requirements. These generated passphrases could be altered by the user to meet the requirements of most websites. Some of my favorite generated passwords were "dusty gild himself study immerge lewisite" and "linesman fortress atrocity checked pucka chile." With some modification, I could see myself using these phrases as my next password.