Define and differentiate false positive and false negative. Which is worse, and why? Give one example of each, drawn from any context that demonstrates your understanding of the terms.
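The following is an added illustration, not part of the assignment text: a toy failed-login threshold rule run over a constructed set of labelled events. It counts false positives (alert fired, host was benign) and false negatives (no alert, host was attacking), shows how moving the threshold trades one for the other, and works out P(attack | alert) from Bayes' rule to show why "which is worse" depends on the base rate and on relative costs. All hosts, counts and labels are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    """One source host's failed-login count in a one-minute window (constructed sample)."""
    src: str
    failed_logins: int
    malicious: bool          # ground truth, known only after investigation

# Constructed sample data, not from any real log: seven benign hosts and two attackers.
EVENTS = [
    Event("10.0.0.11", 1, False),
    Event("10.0.0.12", 0, False),
    Event("10.0.0.13", 4, False),      # user who forgot a recently changed password
    Event("10.0.0.14", 2, False),
    Event("10.0.0.15", 0, False),
    Event("10.0.0.16", 1, False),
    Event("10.0.0.17", 7, False),      # service account with a stale credential in a retry loop
    Event("203.0.113.9", 25, True),    # password spraying from outside
    Event("198.51.100.7", 3, True),    # low-and-slow brute force that stays under most thresholds
]

def detect(event, threshold):
    """Toy threshold rule: alert when failed logins in the window reach the threshold."""
    return event.failed_logins >= threshold

def confusion(events, threshold):
    """Count outcomes of the rule against ground truth.

    false positive = alert fired, host was benign (analyst time wasted, alert fatigue)
    false negative = no alert, host was malicious (attack missed entirely)
    """
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for e in events:
        if detect(e, threshold):
            counts["tp" if e.malicious else "fp"] += 1
        else:
            counts["fn" if e.malicious else "tn"] += 1
    return counts

def sweep(events, thresholds):
    """The trade-off: raising the threshold swaps false positives for false negatives."""
    result = {}
    for t in thresholds:
        c = confusion(events, t)
        result[t] = (c["fp"], c["fn"])
    return result

def alert_precision(tpr, fpr, prevalence):
    """P(attack | alert) by Bayes' rule.

    A detector with 99% detection and a 1% false-positive rate is right only half the
    time when 1% of windows are attacks, and under 10% of the time at 0.1% prevalence.
    """
    return (tpr * prevalence) / (tpr * prevalence + fpr * (1 - prevalence))

if __name__ == "__main__":
    for t, (fp, fn) in sweep(EVENTS, [3, 5, 10]).items():
        print(f"threshold={t:2d}  false positives={fp}  false negatives={fn}")
    for prev in (0.1, 0.01, 0.001):
        print(f"prevalence={prev:.3f}  P(attack | alert)={alert_precision(0.99, 0.01, prev):.3f}")
```

At threshold 3 the rule catches both attackers but pages the analyst for two benign hosts; at threshold 10 it is silent on benign hosts and misses the slow brute-forcer. Neither error type is universally worse: the answer depends on what a missed intrusion costs versus what an analyst hour costs, and on how rare attacks are relative to alerts.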
April 27, 2020
- Imagine you are tasked with monitoring network communication in an organization that uses encrypted transmission channels. What are the limitations of using intrusion detection systems in this environment? What methods would you employ to accomplish this task?
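One of the methods the question points at is fingerprinting the cleartext part of the TLS handshake instead of the encrypted payload: the ClientHello still exposes the offered cipher suites, extensions, elliptic-curve groups and (before Encrypted Client Hello) the server name. The block below is an added example, not part of the assignment text. It assembles a constructed ClientHello record, parses those fields the way a passive sensor would, computes a JA3-style fingerprint (MD5 over the decimal field list with GREASE values dropped) and flags clients whose fingerprint is not in a baseline. The hostnames, cipher lists and the baseline set are all constructed assumptions.

```python
import hashlib
import struct

# GREASE values (RFC 8701) that browsers insert at random; JA3 drops them so the
# fingerprint stays stable across connections from the same client stack.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def build_client_hello(sni, ciphers, groups, point_formats, grease_ext=False):
    """Assemble a minimal TLS 1.2 ClientHello record. Constructed sample input, not a capture."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00"        # client_version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                 # one compression method: null
    host = sni.encode("ascii")
    exts = _ext(0x1a1a, b"") if grease_ext else b""     # optional GREASE extension, as browsers send
    exts += _ext(0x0000, struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)   # server_name
    if groups:
        grp = b"".join(struct.pack("!H", g) for g in groups)
        exts += _ext(0x000a, struct.pack("!H", len(grp)) + grp)                      # supported_groups
    if point_formats:
        exts += _ext(0x000b, bytes([len(point_formats)]) + bytes(point_formats))     # ec_point_formats
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Pull the cleartext fields a sensor can see before the session is encrypted."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    hs_len = int.from_bytes(record[6:9], "big")
    d = record[9:9 + hs_len]
    info = {"version": struct.unpack("!H", d[:2])[0], "ciphers": [], "extensions": [],
            "groups": [], "point_formats": [], "sni": None}
    p = 2 + 32                                  # skip client random
    p += 1 + d[p]                               # skip session id
    cs_len = struct.unpack("!H", d[p:p + 2])[0]; p += 2
    info["ciphers"] = [struct.unpack("!H", d[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + d[p]                               # skip compression methods
    if p >= len(d):
        return info                             # no extensions at all
    end = p + 2 + struct.unpack("!H", d[p:p + 2])[0]; p += 2
    while p + 4 <= end:
        et, el = struct.unpack("!HH", d[p:p + 4]); p += 4
        eb = d[p:p + el]; p += el
        info["extensions"].append(et)
        if et == 0x0000 and len(eb) >= 5:       # server_name: list len(2), type(1), name len(2), name
            name_len = struct.unpack("!H", eb[3:5])[0]
            info["sni"] = eb[5:5 + name_len].decode("ascii", "replace")
        elif et == 0x000a and len(eb) >= 2:     # supported_groups
            n = struct.unpack("!H", eb[:2])[0]
            info["groups"] = [struct.unpack("!H", eb[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        elif et == 0x000b and len(eb) >= 1:     # ec_point_formats
            info["point_formats"] = list(eb[1:1 + eb[0]])
    return info

def ja3(info):
    """JA3: MD5 over 'version,ciphers,extensions,groups,point_formats' with GREASE removed."""
    def keep(vals):
        return [v for v in vals if v not in GREASE]
    s = ",".join([str(info["version"]),
                  "-".join(map(str, keep(info["ciphers"]))),
                  "-".join(map(str, keep(info["extensions"]))),
                  "-".join(map(str, keep(info["groups"]))),
                  "-".join(map(str, info["point_formats"]))])
    return s, hashlib.md5(s.encode()).hexdigest()

def flag_unknown_clients(records, baseline_hashes):
    """Rule a sensor can run without decrypting: alert on TLS stacks not seen in the baseline."""
    alerts = []
    for rec in records:
        info = parse_client_hello(rec)
        _, h = ja3(info)
        if h not in baseline_hashes:
            alerts.append((info["sni"], h))
    return alerts

# Constructed samples: a browser-like hello (with and without GREASE) and a scripted client
# offering only legacy RSA suites and no elliptic-curve extensions.
BROWSER = build_client_hello("example.com", [0x1301, 0x1302, 0xc02b, 0xc02f],
                             [0x001d, 0x0017, 0x0018], [0])
BROWSER_GREASED = build_client_hello("example.com", [0x0a0a, 0x1301, 0x1302, 0xc02b, 0xc02f],
                                     [0x2a2a, 0x001d, 0x0017, 0x0018], [0], grease_ext=True)
SCRIPT = build_client_hello("update.example.net", [0x002f, 0x0035], [], [])

if __name__ == "__main__":
    baseline = {ja3(parse_client_hello(BROWSER))[1]}
    print(ja3(parse_client_hello(BROWSER)))
    print(flag_unknown_clients([BROWSER_GREASED, SCRIPT], baseline))
```

The greased and un-greased browser hellos hash to the same value, which is the point of dropping GREASE; the scripted client is flagged because its cipher and extension profile differs. The caveats that belong in an answer: fingerprints identify a TLS library, not intent, so a baseline needs tuning against the organization's own client mix; TLS 1.3 encrypts the server certificate and Encrypted Client Hello hides the SNI, so the visible fields shrink over time; and anything that needs payload content still requires a TLS-terminating proxy or endpoint agents.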

Part 4: Essay Questions. Maximum length: 3 double-spaced pages each, excluding references. (Two questions at 15 points each)

- In 2003, a well-publicized report from IT analyst firm Gartner predicted that the market for stand-alone IDS tools would soon disappear and urged Gartner clients to cease investing in IDS tools in favor of firewalls. Clearly, this prediction has not come true, due in part to significant increases in the technological capability, processing speed, and accuracy of IDS tools in the more than 15 years since the erroneous prediction.

Contemporary enterprises have a wide array of network and platform security tools from which to choose, and as we have seen in this course there is substantial overlap in the capabilities of different categories of tools such as firewalls, IDS, anti-malware, vulnerability scanners, and so forth. What factors would exert the most influence on an organization and lead it to choose to implement IDS technology? In your response please identify potential benefits of IDS, potential drawbacks, and any considerations about an organization’s operating environment that might drive its decision.

- Beginning about 10 years ago, the U.S. Department of Homeland Security established programs intended to expand the government’s intrusion detection capabilities, in particular citing a need to move to mandatory real-time intrusion detection for federal government networks. The current manifestation of this goal is the Einstein program, which is now in widespread use across the government and received some negative (and partly inaccurate) publicity in early reports of the large-scale data breach announced in 2015 involving systems operated by the U.S. Office of Personnel Management. [The current administration has de-emphasized this and other security initiatives promoted by the previous administration. See the brief description of Initiative #3 of the Comprehensive National Cybersecurity Initiative (http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-034.pdf).]

Using what we have learned in this course and your own knowledge of IDS operational models, requirements, and other characteristics associated with selecting and using the most appropriate types of intrusion detection and prevention, what is your response to the government’s approach of trying to implement comprehensive intrusion detection and prevention for all network traffic to or from U.S. government agencies? What are some of the key obstacles faced in rolling out an intrusion detection capability of this sort? Identify and describe at least three (3) challenges that DHS should consider with its Einstein deployment.