Exploring Advanced Security Devices Flashcards
A HIDS only monitors network activity on a single host, true or false?
False. Some Host-based Intrusion Detection Systems monitor application activity on a host too.
What software can detect malware that traditional antivirus software can’t?
HIDS
On what might you install HIDS and why?
You might install it on a server holding sensitive data that is at increased likelihood of attack, to provide an extra layer of protection.
On what are Network-based Intrusion Detection systems usually installed?
On routers or firewalls
How would you get around a NIDS detecting potentially malicious traffic?
By encrypting the traffic
Firewall logs, system logs, and application logs are some of the logs used by what to collect information on activity?
An IDS
How should an administrator set the upper and lower thresholds to control false positives / false negatives on an IDS/IPS?
Based on the network’s activity level and their personal preferences.
What’s the difference between in-line/in-band and out-of-band?
In-line means all traffic passes through the device, as in an IPS. Out-of-band means the device passively monitors the traffic, but the traffic doesn’t pass through it, as in an IDS.
What device is often used to solve the problem of malicious attacks hidden in encrypted traffic? Where is it typically installed?
An SSL encryptor. It’s installed in-line with the traffic and the NIDS, so it decrypts the traffic first before sending it to the NIDS for inspection.
What’s the difference between the data plane and the control plane in an SDN?
The data plane is concerned with what traffic to forward or block.
The control plane is concerned with identifying the path the traffic should take.
What are the two primary goals of a honeypot?
1) Divert attackers from the live network.
2) Allow observation of an attacker.