CHAP7EXER

Uploaded by Bennet Ordonez

a. A key feature of hybrid IDPS systems is event correlation. After researching event correlation online, define the following terms as they are used in this process: compression, suppression, and generalization.

An IDPS must be sufficiently resilient. A hybrid solution combines signature-based and anomaly-based systems by adding common anomalies to the baselines used by signature-based systems, so that more nefarious threats can be detected and stopped. Event correlation is a method for understanding many occurrences and locating the few significant events inside that sea of information. It is accomplished by assessing, searching for, and examining links between specific events. The main goal of integrated management is to oversee networks (including multimedia, data, and voice networks), systems (applications, servers, and databases), and information technology (IT) services.

Compression concerns the amount of redundant or irrelevant data that can be eliminated from the final dataset; it depends on how many events must occur and how many times they must be examined. Suppression happens when the IDPS alerts you only when a critical event occurs rather than on every routine action. When managing several failed ports, linking alarms to reasonably high-level events can be helpful; the effectiveness of the correlation engine in preventing false-positive triggers from sounding an unjustified warning is then considered. Conversely, generalization is the capacity to extend a known exploit signature into a general-purpose signature.
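The three operations defined above can be shown on a small set of constructed alert records. The following Python is an added example written for this page, not code from the exercise or from any IDPS product: the event fields, the severity scale and threshold of 4, the signature-to-class table and the sample alerts are all assumptions made up for the demonstration, and suppression is implemented in one common way (a source that has raised a critical event keeps only its critical records) rather than as any vendor's definition.

```python
"""Toy event-correlation pass: compression, suppression and generalization
applied to constructed IDPS alerts. Added example; every name and value is an
assumption, not taken from any product."""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    src: str        # source address the alert was raised for
    sig: str        # specific signature that fired
    severity: int   # 1 (routine) .. 5 (critical), assumed scale


# Generalization table (assumed): specific signature -> general-purpose class.
GENERAL_CLASS = {
    "ssh_failed_login": "brute_force",
    "ftp_failed_login": "brute_force",
    "sqli_union_select": "web_injection",
    "sqli_sleep_based": "web_injection",
}

# Constructed sample alerts: one noisy host that also trips a critical rule,
# and one quiet host with a few routine failures.
SAMPLE_EVENTS = (
    [Event("10.0.0.5", "ssh_failed_login", 2)] * 50
    + [Event("10.0.0.9", "ftp_failed_login", 2)] * 3
    + [Event("10.0.0.5", "sqli_union_select", 5)]
)


def compress(events):
    """Compression: collapse repeated (src, sig) alerts into one record that
    carries a count, so 50 identical failures become a single line."""
    records = OrderedDict()
    for e in events:
        key = (e.src, e.sig)
        if key in records:
            records[key]["count"] += 1
        else:
            records[key] = {"src": e.src, "sig": e.sig,
                            "severity": e.severity, "count": 1}
    return list(records.values())


def suppress(records, critical=4):
    """Suppression: once a source has a critical record, its routine records
    are withheld so the analyst sees the critical event rather than the noise."""
    critical_srcs = {r["src"] for r in records if r["severity"] >= critical}
    return [r for r in records
            if r["severity"] >= critical or r["src"] not in critical_srcs]


def generalize(sig):
    """Generalization: map a specific exploit signature to its general class."""
    return GENERAL_CLASS.get(sig, "unclassified")


def correlate(events, critical=4):
    """Run the three steps in order and return the reduced, labelled records."""
    records = suppress(compress(events), critical)
    for r in records:
        r["class"] = generalize(r["sig"])
    return records


def reduction_ratio(events, critical=4):
    """Fraction of raw alerts that survive correlation (1.0 means no reduction)."""
    return len(correlate(events, critical)) / len(events)


if __name__ == "__main__":
    kept = correlate(SAMPLE_EVENTS)
    for r in kept:
        print(f'{r["src"]:10} {r["class"]:14} {r["sig"]:18} '
              f'x{r["count"]} sev={r["severity"]}')
    print(f"kept {len(kept)} of {len(SAMPLE_EVENTS)} alerts")
```

On the sample input the 54 raw alerts reduce to two records: the 50 SSH failures from 10.0.0.5 are first compressed to one line and then suppressed because that host also produced a critical injection alert, while the three FTP failures from the quiet host survive, labelled with their general class.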


b. ZoneAlarm is a PC-based firewall and IDPS tool. Visit the product manufacturer at www.zonelabs.com and find the product specification for the IDPS features of ZoneAlarm. Which ZoneAlarm products offer these features?

By researching online and visiting the PC-based firewall and IDPS tool website at www.zonelabs.com, I could see the product specification for the IDPS features. These IDPS features are offered by two ZoneAlarm products: ZoneAlarm Pro Antivirus + Firewall and ZoneAlarm Extreme Security 2013. These are well-liked products that may be bought straight from the website. ZoneAlarm sells security software created by Zone Labs and Check Point Software Technologies. It provides a range of intrusion detection systems (IDS), such as ZoneAlarm Pro Firewall, ZoneAlarm Pro Antivirus + Firewall, and ZoneAlarm Internet Security Suite. If these items are installed, the IDS capabilities will notify the user of any unauthorized changes made to the system. Several products from ZoneAlarm are available to keep your computer secure. Mobile security is also offered for mobile devices due to their growing use. Conducting this study was quite interesting to me because this was something new to me, and I had never utilized this website before. Several of their IDPS-capable products are as follows:

• ZoneAlarm Pro Antivirus + Firewall, ZoneAlarm Internet Security Suite, and ZoneAlarm Extreme Security 2013 include IDPS features.

• ZoneAlarm 2015 PRO Antivirus + Firewall.

• ZoneAlarm 2015 Internet Security Suite.

• ZoneAlarm 2015 Extreme Security.

• ZoneAlarm PRO FIREWALL 201ff: It defends against inbound and outbound cyber-attacks, keeps an eye on your computer for any unusual behavior, and protects your operating system even while it is booting up.

• ZoneAlarm PRO ANTIVIRUS+ 201ff: It is an antivirus program that detects and protects against malicious threats and attacks. It has a strong firewall that protects your identity and online privacy, as well as a two-way firewall that keeps intruders out and your data safe.

• ZoneAlarm EXTREME SECURITY 201ff: It is the best antivirus software available, and it safeguards against zero-day attacks. It provides total security for your computers and is guaranteed to be virus-free. Other features include Identity Protection Services, Find My Laptop, PC Tune-Up, and Online Backup.

c. Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison spreadsheet to identify the classification systems you find.


The methods used by different IDPS systems to identify intrusions are classified as follows: signature-based detection, anomaly-based detection, and stateful protocol analysis. Their function separates reactive systems (IPSs) from passive systems (IDSs). The events they watch are directly tied to the systems they guard, whether a wired network, a wireless network, or a single host. In addition, a fourth type of IDPS, known as Network Behavior Analysis (NBA) IDPS, may be distinguished. IDPSs can also be categorized more precisely by identifying and comparing host-based, network-based, and hybrid intrusion detection systems (IDS). Based on the detection technique, the classification is further split into the following groups: IDS based on statistical analysis, expert systems, signature analysis, state transition, Petri nets, and data mining.

Name                          Type   Operating System (OS)   License      Based on
CSP Alert Plus                HIDS   Windows                 Commercial   Rule-based
eEye Retina                   HIDS   Windows                 Commercial   Rule-based
GFI Events Manager            HIDS   Windows                 Commercial   Rule-based
Tripwire Enterprise           HIDS   Windows                 Commercial   Rule-based
ArcSight                      NIDS   N/A                     Commercial   Behavior-based
IBM RealSecure Server Sensor  HIDS   Windows                 Commercial   Rule-based
McAfee Host                   HIDS   Linux, Windows          Commercial   Rule-based

c. Use the Internet to search for “live DVD security toolkit.” Read a few Web sites to learn about this class of tools and their capabilities. Write a brief description of a live DVD security toolkit.

Live DVD security toolkits and open-source network security tools are now readily available. A live DVD security toolkit provides security specialists and network managers with a complete collection of open-source network security tools. Another tool, aimed at web developers, is the JavaScript console, which has an object library with functions for building dynamic web pages. The CD carries many security and utility tools and helps you choose the best location for a network security audit. The Network Security Toolkit (NST), based on Fedora (NST Live), is the foundation for the bootable ISO live DVD/USB flash drive.

d. Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe?

Random Password Generator, Pass Creator, Password Boy, Automated Password Generator, and Strong Password Generator are some online password generators. The user can change the length of the password, and the generated passwords contain a variety of symbols, numbers, and lowercase and uppercase letters.

1. http://passwordsgenerator.net/

This password generator, which can only generate one password at a time, supports a variable passphrase length. It also lists password-protection practices that make the password stronger and reduce its vulnerability. There are options to include special characters to strengthen passwords.

2. https://www.random.org/paasswords/

I noticed that this one could add an identifier to the passwords and could specify and generate up to 100 passwords at a time. Although there are no special characters or non-alphanumeric characters in the generated password phrases, the user can create passwords only 6-24 characters in length.
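The behaviours compared in the two observations above (a user-chosen length, selectable character classes, one or many passwords per run, and an optional identifier on each line) can be reproduced with Python's `secrets` module. The block below is an added example for this page, not code from either website: the character-class table, the length bounds of 6 to 64, the identifier format and the entropy estimate are assumptions chosen for the demonstration.

```python
"""Added example: a password generator with the options the compared web tools
expose. Character classes, length bounds and output format are assumed, not
taken from either site."""
import math
import secrets
import string

# Assumed character classes; the symbol set is a constructed choice.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}
MIN_LEN, MAX_LEN = 6, 64   # assumed bounds, not those of any particular site


def build_alphabet(lower=True, upper=True, digits=True, symbols=True):
    """Return the joined alphabet and the list of enabled class strings."""
    enabled = [CLASSES[name] for name, on in
               (("lower", lower), ("upper", upper),
                ("digits", digits), ("symbols", symbols)) if on]
    if not enabled:
        raise ValueError("at least one character class must be enabled")
    return "".join(enabled), enabled


def generate(length=16, count=1, identifier="", **classes):
    """Generate `count` passwords of `length` characters from a CSPRNG.
    Each password contains at least one character from every enabled class;
    when an identifier is given, each line is prefixed 'identifierN '."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    alphabet, enabled = build_alphabet(**classes)
    results = []
    for n in range(1, count + 1):
        while True:   # rejection sampling: uniform over passwords meeting the rule
            pw = "".join(secrets.choice(alphabet) for _ in range(length))
            if all(any(c in group for c in pw) for group in enabled):
                break
        results.append(f"{identifier}{n} {pw}" if identifier else pw)
    return results


def entropy_bits(length, **classes):
    """Upper-bound entropy of a uniformly drawn password: length * log2(|alphabet|).
    Shows why dropping symbols (62 vs 85 characters) costs about 0.45 bits per character."""
    alphabet, _ = build_alphabet(**classes)
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    for line in generate(length=12, count=3, identifier="pw"):
        print(line)
    print("12 chars, all classes :", round(entropy_bits(12), 1), "bits")
    print("12 chars, no symbols  :", round(entropy_bits(12, symbols=False), 1), "bits")
```

The entropy figure is the point of comparison between the two sites: a generator that omits special characters draws from a 62-character alphabet instead of 85, so at the same length it produces measurably weaker passwords, and the 6-character minimum observed on the second site yields well under 40 bits even with every class enabled.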
