Define stateful protocol analysis. Include in your answer the concept of the event horizon.
What will be an ideal response?
When an IDPS receives a packet, information about the connection between the host and remote computer is compared to entries in the state table. A state table maintains a record of connections between computers that includes the source IP address and port, destination IP address and port, and protocol. Furthermore, the IDPS needs to maintain state information for the entire length of the attack, which is called the event horizon. Maintaining this information might require an IDPS to review many packets of data; during long attacks, such as those that last from user logon to user logoff, the IDPS might not be able to maintain the state information long enough, and the attack could circumvent the system.
You might also like to view...
Grouping and summary data can be added to a report in the ________ view
Fill in the blank(s) with correct word
When assigning the attribute for an absolute link, begin with the _____ text.?
A. ?index.html B. ?mailto C. ?http:// D. ?home
It is possible that the graphic in the figure above was created with the Polygon tool.
Answer the following statement true (T) or false (F)
A dual-boot option can permit a user to run two or more operating systems on a PC.
Answer the following statement true (T) or false (F)