CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [86]
Understand how an IDS works. An IDS can either perform anomaly analysis or signature-based detection.
Know how to perform firewall evasion techniques. Firewall evasion can be performed by using a protocol such as ICMP or HTTP to carry attack traffic. Another technique is to split the packets into several smaller packets so the entire attack string cannot be detected.
Review Questions
1. A system that performs attack recognition and alerting for a network is what?
A. HIDS
B. NIDS
C. Anomaly detection HIDS
D. Signature-based NIDS
2. Which of the following tools bypasses a firewall by sending one byte at a time in the IP header?
A. Honeyd
B. Nessus
C. Covert_TCP
D. 007 shell
E. TCP to IP hide
3. Which of the following is a honeypot-detection tool?
A. Honeyd
B. Specter
C. KFSensor
D. Sobek
4. Which of the following is a system designed to attract and identify hackers?
A. Honeypot
B. Firewall
C. Honeytrap
D. IDS
5. Which of the following is a tool used to modify an attack script to bypass an IDS's signature detection?
A. ADMutate
B. Script mutate
C. Snort
D. Specter
6. What is a reverse WWW shell?
A. A web server making a reverse connection to a firewall
B. A web client making a connection to a hacker through the firewall
C. A web server connecting to a web client through the firewall
D. A hacker connecting to a web server through a firewall
7. A reverse WWW shell connects to which port on a hacker's system?
A. 80
B. 443
C. 23
D. 21
8. What is the command to install and run Snort?
A. snort -l c:\snort\log -c C:\snort\etc\snoft.conf -A console
B. snort -c C:\snort\etc\snoft.conf -A console
C. snort -c C:\snort\etc\snoft.conf console
D. snort -1 c:\snort\log -c -A
9. What type of program is Snort?
A. NIDS
B. Sniffer, HIDS, and traffic-logging tool
C. Sniffer and HIDS
D. NIDS and sniffer
10. What are the ways in which an IDS is able to detect intrusion attempts? (Choose all that apply.)
A. Signature detection
B. Anomaly detection
C. Traffic identification
D. Protocol analysis
Answers to Review Questions
1. B. A NIDS performs attack recognition for an entire network.
2. C. Covert_TCP passes through a firewall by sending one byte at a time of a file in the IP header.
3. D. Sobek is a honeypot-detection tool.
4. A. A honeypot is a system designed to attract and identify hackers.
5. A. ADMutate is a tool used to modify an attack script to bypass an IDS's signature detection.
6. B. A reverse WWW shell occurs when a compromised web client makes a connection back to a hacker's computer and is able to pass through a firewall.
7. A. The hacker's system, which is acting as a web server, uses port 80.
8. A. snort -l c:\snort\log -c C:\snort\etc\snoft.conf -A console is the command to install and run the Snort program.
9. B. Snort is a sniffer, HIDS, and traffic-logging tool.
10. B, C. Signature analysis and anomaly detection are the ways an IDS detects intrusion attempts.
CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:
✓ Overview of Cryptography and Encryption Techniques
✓ Describe How Public and Private Keys Are Generated
✓ Overview of MD5, SHA, RC4, RC5, Blowfish Algorithms
Cryptography is the study of encryption and encryption algorithms. In a practical sense, encryption is the conversion of messages from a comprehensible form (clear text) into an incomprehensible one (cipher text), and back again. The purpose of encryption is to render data unreadable by interceptors or eavesdroppers who do not know the secret of how to decrypt the message. Encryption attempts to ensure secrecy in communications. Cryptography defines the techniques used in encryption. This chapter will discuss encryption algorithms and cryptography.
Overview of Cryptography and Encryption Techniques
Encryption can be used to encrypt data while it is in transit or while it's stored on a hard drive. Cryptography is the study of protecting information by mathematically scrambling