Intrusion Detection & Prevention Systems

Question 1

Misuse-detection IDS looks for what?

Answer 1

Fingerprints of suspicious activity from an existing database of signatures

Question 2

How does Anomaly-detection IDS work? What is it also known as?

Answer 2

Compares the defined baseline of activity with the current state
AKA Heuristic/Behavioral

Question 3

Under what circumstances is an IDS unable to detect attacks?

Answer 3

If the attacks are carried out within encrypted traffic

Question 4

An IDS is made up of what 3 components?

Answer 4

1) Sensores to detect
2) Console to control and configure sensors
3) Database that records events

Question 5

IDS’s attached inside and outside the firewall give you the best security. TRUE or FALSE?

Answer 5

TRUE

Question 6

An Active IDS is more commonly known as what?

Answer 6

Intrusion Prevention Device

Question 7

List the 3 passive IDS responses.

Answer 7

1) Logging
2) Notification - sends an alert
3) Shunning - ignoring the attack

Question 8

1) Changing Network Configuration - like closing ports
2) Terminating Sessions
3) Deception - using honeypot/honeynet

Are responses carried out by what device?

Answer 8

Intrusion Prevention Device

Question 9

Where are host-based IDSs typically installed and why?

Answer 9

On Servers. Because they’re difficult to manage across several clients.

Question 10

Host Based IDSs work by monitoring network traffic. TRUE or FALSE

Answer 10

FALSE. They monitor applications, system and event logs

Question 11

What other device apart from a firewall performs multiple security functions within the same appliance?

Answer 11

Unified Threat Management device

Question 12

VPN concentrators can handle security for remote working users - true or false?

Answer 12

TRUE