Information Security Ch7 Solutions


Date Submitted: 11/09/2013 02:40 PM


Information Security

Chapter 7 Assignment

10/28/13

Exercises:

1. A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

a. Compression is the degree to which redundant or inconsequential data can be removed to compress the resulting dataset.

b. Suppression is the ability of a correlation engine to suppress false positive triggers from raising an unwarranted alarm.

c. Generalization is the ability to extrapolate a known exploit signature into a general purpose alert.
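
The three operations defined above, applied in sequence to a handful of constructed alerts. This is an added example, not part of the original assignment; the alert fields, the benign-source list and the signature-to-class mapping are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample alerts: (sensor, signature, source, destination)
ALERTS = [
    ("nids", "SQLi UNION SELECT", "203.0.113.7", "10.0.0.5"),
    ("nids", "SQLi UNION SELECT", "203.0.113.7", "10.0.0.5"),
    ("hids", "SQLi UNION SELECT", "203.0.113.7", "10.0.0.5"),
    ("nids", "SQLi OR 1=1", "203.0.113.7", "10.0.0.5"),
    ("nids", "ICMP ping sweep", "10.0.0.9", "10.0.0.0/24"),
    ("nids", "SSH brute force", "198.51.100.4", "10.0.0.8"),
]

# Assumption: 10.0.0.9 is an authorized internal scanner, so its sweeps
# are known false positives.
KNOWN_BENIGN = {("ICMP ping sweep", "10.0.0.9")}

# Assumption: mapping from specific exploit signatures to a general class.
GENERAL_CLASS = {
    "SQLi UNION SELECT": "SQL injection",
    "SQLi OR 1=1": "SQL injection",
}

def compress(alerts):
    """Compression: collapse redundant alerts into one event with a count."""
    counts = Counter((sig, src, dst) for _sensor, sig, src, dst in alerts)
    return [{"signature": s, "src": a, "dst": d, "count": n}
            for (s, a, d), n in counts.items()]

def suppress(events):
    """Suppression: drop events that match known false-positive triggers."""
    return [e for e in events
            if (e["signature"], e["src"]) not in KNOWN_BENIGN]

def generalize(events):
    """Generalization: roll specific signatures up into a general alert."""
    merged = {}
    for e in events:
        cls = GENERAL_CLASS.get(e["signature"], e["signature"])
        key = (cls, e["src"], e["dst"])
        merged[key] = merged.get(key, 0) + e["count"]
    return [{"alert": c, "src": s, "dst": d, "count": n}
            for (c, s, d), n in merged.items()]

def correlate(alerts):
    return generalize(suppress(compress(alerts)))

if __name__ == "__main__":
    for alert in correlate(ALERTS):
        print(alert)
```

Six raw alerts become two: one general SQL injection alert covering four raw events, and one SSH brute force alert.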

2. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com, and find the product specification for the IDPS features of ZoneAlarm. Which of the ZoneAlarm products offer these features?

d. ZoneAlarm Pro Antivirus + Firewall, ZoneAlarm Internet Security Suite, and ZoneAlarm Extreme Security 2013 include IDPS features.

3. Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can these be used to compare the features and components of each IDPS? Create a comparison spreadsheet identifying the classification systems you find.

e. IDPS technologies may be classified according to several parameters: the methodologies they employ to detect intrusions (signature-based detection, anomaly-based detection, and stateful protocol analysis); the functionalities they provide, which ultimately differentiate passive systems (IDSs) from reactive systems (IPSs); and the type of events they monitor, which is closely related to the type of system they guard (a wired network, a wireless network, or a single host). In addition to these, a fourth type of IDPS may be identified, known as Network Behavior Analysis (NBA) IDPS.

4. Use the Internet to find vendors of thumbprint and iris scanning tools. Which...