Chapter 7

Question 1

What is IDPS?

Answer 1

Intrusion Detection Prevention System

Question 2

Types of IDPS?

Answer 2

NIDPS
WIDPS
HIDPS

Question 3

What is NIDPS

Answer 3

Network based IDPS
In organizations network, looks for signs of attacks using special implementation of NIDPS for invalid data packets, checks for packets with improper use

Question 4

Some pros of NIDPS?

Answer 4

When implemented enables organization to use a few devices to monitor large network
Not susceptible to direct attack and may not be detectable by attackers

Question 5

Cons of NIDPS?

Answer 5

Cannot scan encrypted packets

Requires access to all traffic to be monitored

Question 6

What is WNIDPS?

Answer 6

Wireless NIDPS

Monitors wireless network traffic

Question 7

What is HIDPS?

Answer 7

Host based IDPS

Resides on a particular server and monitors only on that system.

Question 8

Advantage HIDPS over NIDPS?

Answer 8

Can be installed so that it can access data encrypted when traveling over network

Question 9

Cons of HIDPS?

Answer 9

Management issues

Does not detect multihost scanning

Question 10

IDPS Detection Methods?

Answer 10

Signature Based IDPS
Statistical anomaly based
Stateful protocol
Log file monitors

Question 11

What is signature based IDPS?

Answer 11

Checks data traffic with the patterns that match known signatures.

Question 12

What is Statistical Anomaly IDPS?

Answer 12

Samples network activity

Question 13

What are the 3 IDPS control strategies?

Answer 13

Centralized
Fully distributed
Partially distributed

Question 14

What is a centralized control strategy?

Answer 14

All IDPS control functions are implemented and managed in a central location

Question 15

What is a Fully Distributed?

Answer 15

All control functions are applied at the physical location of each IDPS component.

Question 16

What is partially distributed?

Answer 16

Combines centralized and fully distributed. Analyze local threats report at the hierarchical central facility to enable threat attacks

Question 17

What is a honeypot?

Answer 17

A server decoy for the attackers. Designed to lure attackers from critical systems

Question 18

What is a honeynet?

Answer 18

Collection of honeypots connecting several honey pot system on a subnet

Question 19

What is a padded cell?

Answer 19

A more protected honeypot.

Question 20

Advantages of padded cell?

Answer 20

Attackers get diverted to targets they cannot damage

Admins get more time to decide how to respond

Question 21

What is a footprinting?

Answer 21

An action that researches of internet addresses owned by an organization

Question 22

What is a fingerprinting?

Answer 22

A systematic survey of all target internet addresses collected in footprinting

Question 23

Why is fingerprinting useful?

Answer 23

Fingerprinting reveals useful information about internal structure of an attack.

Question 24

What is a port scanner?

Answer 24

A port scanner can be used by both of the attackers and defenders to identify computers active on a network and other useful information.

Question 25

What is a vulnerability scanner?

Answer 25

Its a scanner that scans for holes in networks.

Question 26

What is a packet sniffer?

Answer 26

It captures copies of packets from the network and analyzes them.