IDS & IPS

Question 1

What does an IDS do?

Answer 1

Intrusion Detection System

Logs and alerts

Only detects

Question 2

What does an IPS do?

Answer 2

Intrusion Prevention System

Logs, alerts, takes action

Detects and reacts

Question 3

What is a NIDS?

Answer 3

Network Intrusion Detection System

responsible for detecting unauthorized network access or attacks

Monitors the traffic coming in and out of a network

Question 4

What is a HIDS?

Answer 4

Host-Based IDS

configured to look at suspicious network traffic going to or from a single server or endpoint,

Question 5

What is a WIDS?

Answer 5

Wireless IDS

focused on detecting attempts to cause a denial of service on the wireless network

Question 6

What are Signature-Based IDS?

Answer 6

analyze traffic based on defined signatures, and they can only recognize attacks based on the previously identified attacks that exist inside of its database.

Question 7

What are the two types Signature-Based IDS are broken up into?

Answer 7

1. Pattern matching: focus on a specific pattern of steps that are being recognized during an attack
2. Stateful-Matching: focus on a known baseline of a system and reporting any changes to that state

Question 8

What is Pattern Matching more common in?

Answer 8

NIDS & WIDS

Question 9

What is Stateful Matching more commonly used with?

Answer 9

HIDS

Question 10

What are Anomaly-Based IDS?

Answer 10

analyze traffic and compare it to a normal baseline of traffic to determine whether there is a threat that’s occurring.

aka Behavioral-Based IDS

Question 11

What are IPS?

Answer 11

Intrusion Prevention System

Scan traffic for malicious activity and take action to stop it