PRIYA LR&CFS ASSIGNMENT-7 (.docx)

School: Southeast Missouri State University
Course: 650
Subject: Computer Science
Date: Apr 3, 2024
Type: docx
Pages: 4
Uploaded by: GeneralExploration6683
NAME: PUSHPA PRIYA MIKKILI
SEMO.ID: S02048083
CY-650 Legal, Risk, and Compliance for Security
Assignment-7

1. A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

Compression: Compression in event correlation reduces a very large number of raw events to a smaller, more manageable set of events or alerts, typically by collapsing repeated occurrences of the same event into a single record that carries a count and a first/last-seen time. This gives analysts insight into the underlying cause of the events and the remediation they call for without having to read the whole stream.

Suppression: Events that are deemed superfluous or unrelated to the current analysis are filtered out (suppressed) rather than forwarded as alerts. Suppression helps security personnel focus on the most dangerous threats by reducing the volume of noise in the event stream. A suppression rule that is too broad hides real attacks, so suppressed events should still be retained in the underlying log rather than discarded.

Generalization: Several related events are grouped under a single, more general category. Instead of treating each event as distinct, generalization groups events according to shared characteristics or behaviors (for example, failed and successful logins from several services all become "authentication" events), making it easier to identify trends and patterns across sources.

2. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com, and find the product specification for the IDPS features of ZoneAlarm. Which of the ZoneAlarm products offer these features?

The ZoneAlarm website lists the following ZoneAlarm products as having IDPS features:

ZoneAlarm Next-Gen Extreme Security: Provides an advanced firewall that watches for suspicious activity from applications, as well as a two-way firewall that makes the computer invisible to attackers.

ZoneAlarm Pro Defense & Virus Software: Includes functions such as application control, anti-bot, advanced firewall, two-way firewall, and anti-spyware, among others.

ZoneAlarm Pro Firewall: Offers functions including the advanced firewall, application control, two-way firewall, and more.

These products offer multiple security layers, such as safe browsing, content filtering, threat extraction, anti-phishing, anti-keylogger, anti-ransomware, and real-time cloud security.
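To make the three terms from question 1 concrete, the following is an added example (not part of the original assignment) of a small event correlator that applies compression, suppression and generalization in turn to a constructed batch of syslog-style events, and then runs one correlation rule over the result. The event tuple format, the suppression set, the category map and the "three failures then a success from the same source" rule are all assumptions for the demonstration.

```python
"""Toy event correlator: compression -> suppression -> generalization.

Added example, not code from the assignment. All event data is constructed.
"""
import re
from collections import Counter, OrderedDict

# Constructed raw events: (timestamp, host, event id, message).
RAW_EVENTS = [
    ("10:00:01", "web01", "ssh_fail", "Failed password for root from 203.0.113.5"),
    ("10:00:02", "web01", "ssh_fail", "Failed password for root from 203.0.113.5"),
    ("10:00:03", "web01", "ssh_fail", "Failed password for root from 203.0.113.5"),
    ("10:00:04", "web01", "ntp_sync", "clock synchronized"),
    ("10:00:05", "db01",  "ssh_fail", "Failed password for admin from 203.0.113.5"),
    ("10:00:06", "db01",  "ssh_ok",   "Accepted password for admin from 203.0.113.5"),
    ("10:00:07", "web01", "ntp_sync", "clock synchronized"),
    ("10:00:08", "web02", "http_500", "GET /login 500"),
]

# Assumed analyst choices: routine events to suppress, and the category each
# specific event id generalizes to.
SUPPRESSED_IDS = {"ntp_sync"}
CATEGORY_OF = {
    "ssh_fail": "authentication",
    "ssh_ok": "authentication",
    "http_500": "availability",
}
SRC_IP = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")


def compress(events):
    """Collapse identical (host, id, message) events into one record with a
    count and first/last-seen timestamps, preserving first-seen order."""
    groups = OrderedDict()
    for ts, host, eid, msg in events:
        key = (host, eid, msg)
        if key not in groups:
            groups[key] = {"host": host, "id": eid, "msg": msg,
                           "first": ts, "last": ts, "count": 0}
        groups[key]["count"] += 1
        groups[key]["last"] = ts
    return list(groups.values())


def suppress(events, suppressed_ids=SUPPRESSED_IDS):
    """Drop events whose id is on the suppression list. The raw events are
    untouched, so suppressed data is still available for forensics."""
    return [e for e in events if e["id"] not in suppressed_ids]


def generalize(events, category_of=CATEGORY_OF):
    """Attach a general category to each event; unknown ids become 'other'."""
    return [dict(e, category=category_of.get(e["id"], "other")) for e in events]


def correlate(raw):
    """Run the three steps in the usual order."""
    return generalize(suppress(compress(raw)))


def brute_force_sources(correlated, threshold=3):
    """Correlation rule over the generalized stream: a source IP with at least
    `threshold` failed authentications (summed across hosts, using the counts
    kept by compression) followed by any successful authentication."""
    failures, successes = Counter(), set()
    for e in correlated:
        if e["category"] != "authentication":
            continue
        m = SRC_IP.search(e["msg"])
        if not m:
            continue
        ip = m.group(1)
        if e["id"] == "ssh_fail":
            failures[ip] += e["count"]
        elif e["id"] == "ssh_ok":
            successes.add(ip)
    return {ip for ip, n in failures.items() if n >= threshold and ip in successes}


if __name__ == "__main__":
    out = correlate(RAW_EVENTS)
    print(f"{len(RAW_EVENTS)} raw events -> {len(out)} correlated records")
    for e in out:
        print(f"{e['category']:15} {e['host']:6} x{e['count']} {e['msg']}")
    print("brute-force sources:", brute_force_sources(out))
```

Note that compression keeps the count rather than throwing the repeats away; without it the rule in brute_force_sources could never reach its threshold, which is the difference between compression and simple deduplication.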
3. Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can these be used to compare the features and components of each IDPS? Create a comparison spreadsheet identifying the classification systems you find.

Intrusion detection systems are classified first by where they are deployed and what they monitor:

Host-based IDS (HIDS): Monitors the host it is deployed on, analyzing local data such as logs, file integrity and process activity, and recording malicious activity.

Network-based IDS (NIDS): Identifies malicious activity on a network by analyzing traffic captured at a monitoring point.

Hybrid IDS: Combines host and network monitoring, or misuse and anomaly detection, in one system. One published example fuses the open-source Snort misuse-based IDS with the anomaly-based packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) IDSs.

Second, IDSs are classified by detection method, which divides them into two groups: misuse (signature) detection and anomaly detection. The techniques found under these two groups are:

Expert systems
State transition analysis
Signature analysis
Statistics-based IDS
Petri nets
Data mining
Intelligent (AI-based) IDS

These two axes (deployment type and detection method), together with license and supported operating system, give a common set of columns on which the products can be compared.

Comparison spreadsheet:

Name                 License      OS        Type   Based on
Tripwire Enterprise  Commercial   Windows   HIDS   Rule-based
ArcSight             Commercial   N/A       NIDS   Behavior-based
CSP Alert-Plus       Commercial   Windows   HIDS   Rule-based
eEye Retina          Commercial   Windows   HIDS   Rule-based
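The "Based on" column above is the detection-method axis. As an added example (not part of the assignment, and not the code of any product in the table), the following runs a rule-based (signature) detector and a statistics-based (anomaly) detector over the same constructed set of web requests, then combines them the way a hybrid IDS would. The request records, the signature patterns, the byte-count baseline and the z-score threshold are all assumptions chosen for the demonstration.

```python
"""Signature (misuse) detection vs statistical anomaly detection, side by side.

Added example, not from the assignment or any product. All data is constructed.
"""
import re
import statistics

# Constructed baseline: response sizes (bytes) of known-good requests, used to
# train the statistical detector.
BASELINE_BYTES = [800, 950, 1020, 880, 1100, 760, 990, 1050, 870, 920]

# Constructed observed requests to classify.
OBSERVED = [
    {"src": "198.51.100.7",  "bytes": 1010,  "uri": "/index.html"},
    {"src": "198.51.100.7",  "bytes": 640,   "uri": "/download?file=../../etc/passwd"},
    {"src": "203.0.113.9",   "bytes": 48000, "uri": "/export"},
    {"src": "198.51.100.12", "bytes": 700,   "uri": "/login?user=admin' or 1=1--"},
]

# Assumed signatures for the rule-based detector.
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./")),
    ("sql injection", re.compile(r"(?i)union\s+select|'\s*or\s+1=1")),
]


def signature_detect(records, signatures=SIGNATURES):
    """Misuse detection: flag a record when a known-bad pattern matches.
    Returns [(record index, signature name), ...]."""
    hits = []
    for i, r in enumerate(records):
        for name, pattern in signatures:
            if pattern.search(r["uri"]):
                hits.append((i, name))
    return hits


def anomaly_detect(records, baseline=BASELINE_BYTES, z_threshold=3.0):
    """Statistics-based anomaly detection: flag a record whose response size
    is more than z_threshold standard deviations from the baseline mean.
    Returns [(record index, z-score rounded to 1 decimal), ...]."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    hits = []
    for i, r in enumerate(records):
        z = (r["bytes"] - mean) / stdev
        if abs(z) > z_threshold:
            hits.append((i, round(z, 1)))
    return hits


def hybrid_detect(records):
    """Union of both detectors, as a hybrid IDS would report it:
    {record index: [reason, ...]} sorted by index."""
    flagged = {}
    for i, name in signature_detect(records):
        flagged.setdefault(i, []).append("signature:" + name)
    for i, z in anomaly_detect(records):
        flagged.setdefault(i, []).append(f"anomaly:z={z}")
    return dict(sorted(flagged.items()))


if __name__ == "__main__":
    print("signature :", signature_detect(OBSERVED))
    print("anomaly   :", anomaly_detect(OBSERVED))
    for i, reasons in hybrid_detect(OBSERVED).items():
        print(f"record {i} {OBSERVED[i]['uri']!r}: {', '.join(reasons)}")
```

On this input the signature detector catches the traversal and injection attempts but says nothing about the 48,000-byte export, while the anomaly detector flags only that export and is blind to the two small malicious requests. That complementary blindness is the reason the hybrid products in the table combine both methods, and it is the practical meaning of the "Rule-based" versus "Behavior-based" column when comparing them.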