Chapter 3 Quiz

Question

When a system is infected with a kernel-level rootkit, why can the rootkit be difficult to remove (short of reinstalling the OS)?

Quiz Solution

Discussion Questions

  1. What if an exploit is not discovered for a while and all of a system's backup images are contaminated too?
  2. I find it difficult to sift through packets coming through my computer in a few seconds, let alone an entire network in real time. How does this help anything?
  3. When analyzing a suspect system, how exactly do you draw the line between doing a partial HDD analysis and a full-blown HDD analysis? I guess it would make sense that if a partial analysis didn't discover the problem you would go on to a full analysis, but when would you begin with a full analysis?
  4. The section on Ethics says that "some vendors purchase vulnerabilities to augment their research capacity." How exactly do they purchase vulnerabilities and how could they help with research?
  5. There is a section on detecting system intrusion from the network. If a device scans the network traffic, how can it distinguish what may be malicious?
  6. What is the difference between Detecting System Intrusions and an Intrusion Detection System/Intrusion Prevention System (IDS/IPS)?
Topic revision: r2 - 2014-02-12 - JimSkon