Module 2: Security Technology: Intrusion Detection and Prevention Systems Flashcards
These operate by monitoring network traffic, analyzing it and providing remediation tactics when malicious behavior is detected.
intrusion detection and prevention systems (IDPS)
They look for matching behavior or characteristics that would indicate malicious traffic, send out alerts and block attacks.
intrusion detection and prevention systems (IDPS)
These tools can detect malware, socially engineered attacks and other web-based threats, including DDoS attacks.
intrusion detection and prevention systems (IDPS) tools
These can provide preemptive intrusion prevention capabilities for internal threats and potentially compromised systems.
intrusion detection and prevention systems (IDPS)
The primary functions of IDPS solutions can be broken down into four main categories. What are they?
- monitoring
- alerts
- remediation
- maintenance
Category of IDPS primary functions
IDPS ____ IT systems using either signature-based or anomaly-based intrusion detection to identify abnormal behavior and signature-matched malicious activity.
monitoring
Category of IDPS primary functions
After identifying potential threats, IDPS software will log and send out ____ to inform administrators of abnormal activity.
alerts
Category of IDPS primary functions
IDPS tools provide blocking mechanisms for malicious threats, giving administrators time to take action. In some cases, IT teams may not be required to take action at all after an attack is blocked.
remediation
Category of IDPS primary functions
Besides monitoring for abnormal behavior, IDPS tools can also monitor the performance of IT hardware and security components with health checks. This ensures a security infrastructure is operating properly at all times.
maintenance
These are detection and monitoring tools. They do not take action on their own. This requires a human or another system to look at the results.
intrusion detection systems (IDS)
This is a control system. It accepts or rejects a packet based on the ruleset. This requires that the database is regularly updated with new threat data.
intrusion prevention system (IPS)
What do IDS and IPS have in common?
They both read network packets and compare the contents to a database of known threats.
This sits between the firewall and the switch.
intrusion prevention system (IPS)
This is plugged in directly to the switch and interacts with it.
intrusion detection system (IDS)
The types of IDPS can be classified according to ____.
The types of IDPS can be classified according to what they are designed to protect.