Nan Hu

Chapter 7 

1.              A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

Compression is the degree to which redundant or inconsequential data can be removed to compress the resulting dataset.

Suppression is the ability of a correlation engine to suppress false positive triggers from raising an unwarranted alarm.

Generalization is the ability to extrapolate a known exploit signature into a general purpose alert.

2.       ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

These products have the IDPS features of ZoneAlarm 2015 include IDPS features:

            ZoneAlarm® 2015 PRO Antivirus + Firewall.

            ZoneAlarm® 2015 Internet Security Suite.

            ZoneAlarm® 2015 Extreme Security

              They even got a 30 day trail for free for 1 pc or 3 pc.

3.       Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.

IDPS technologies may be classified based on different parameters, namely: the methodologies they employ to detect intrusions:

Signature-based detection

Anomaly-based detection

Stateful protocol analysis.

The functionalities they provide ultimately differentiate passive systems from reactive systems.

The type of events they monitor, which are closely related to the type of systems they guard: a wired network, a wireless network or a single host.

In addition to these, a fourth type of IDPS may be identified, which is known as Network Behavior Analysis (NBA) IDPS.


4.       Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

Network Security Toolkit (NST) is a bootable ISO image (Live DVD/USB Flash Drive) based on Fedora 26 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. it is based on fedora The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications.


5.       Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe?

            Pass phrase generator:

            Each phrase will be preceded by a number if Number is checked, and will use Upper case letters if that box is selected. If Include signatures is checked, the list of phrases will be followed by a list of their MD5 signatures; password validation programs may wish to use signatures rather than the actual phrases to save memory and reduce the risk of disclosure of the original phrases.

           Secure Passphrase Generator:

No data generated by this page is stored on the server at any point. In other words, we aren't recording your passwords.

The data used to generate the passwords is derived from Linux's /dev/urandom secure data source, and is carefully masked to prevent biasing or truncation.