Intrusion Detection & Prevention Systems Flashcards
Misuse-detection IDS looks for what?
Fingerprints of suspicious activity from an existing database of signatures
How does Anomaly-detection IDS work? What is it also known as?
Compares the defined baseline of activity with the current state
AKA Heuristic/Behavioral
Under what circumstances is an IDS unable to detect attacks?
If the attacks are carried out within encrypted traffic
An IDS is made up of what 3 components?
1) Sensors to detect
2) Console to control and configure sensors
3) Database that records events
IDSs attached inside and outside the firewall give you the best security. TRUE or FALSE?
TRUE
An Active IDS is more commonly known as what?
Intrusion Prevention Device
List the 3 passive IDS responses.
1) Logging
2) Notification - sends an alert
3) Shunning - ignoring the attack
List the 3 active IDS responses.
1) Changing Network Configuration - like closing ports
2) Terminating Sessions
3) Deception - using honeypot/honeynet
Active responses are carried out by what device?
Intrusion Prevention Device
Where are host-based IDSs typically installed and why?
On Servers. Because they’re difficult to manage across several clients.
Host-based IDSs work by monitoring network traffic. TRUE or FALSE?
FALSE. They monitor applications, system and event logs
What other device apart from a firewall performs multiple security functions within the same appliance?
Unified Threat Management device
VPN concentrators can handle security for remote working users. TRUE or FALSE?
TRUE