Network Intrusion Detection and Prevention 2.1 Flashcards

1
Q

NIDS (Network-based Intrusion Detection System)

A

Designed to detect, log, and respond. Works in real time and after the fact. Alerts on exploits against the OS, applications, etc. Detects if there is a buffer overflow, cross-site scripting, and vulnerabilities. Only provides alerts/alarms. These are software systems, but in large systems they require dedicated hardware.

2
Q

NIPS (Network-based Intrusion Prevention System)

A

Stops intrusions before they get into the network: overflows, cross-site scripting, vulnerabilities, etc. Can receive a copy of your network traffic to tell you if bad traffic has come through. “Can automatically respond to certain events” via a defined set of rules.

3
Q

Out-of-Band Response

A

If the IPS recognizes malicious traffic, it will send a message to the switch telling it to reset the connection with the malicious traffic. This is after the fact, however, because the traffic was already allowed through. It cannot reset UDP connections.

4
Q

Inline Monitoring/In-Band Response

A

The IPS/IDS sits in line between the firewall and the core network switch. If it identifies malicious traffic, the connection is dropped at the IPS. This causes an In-Band Response.

Internet || Firewall || IPS || Core Switch

5
Q

Identification Technologies

A

Signature-based technology. It looks for a perfect match of known malicious code. It can also detect anomalies or certain behaviors of code. Additionally, it can use artificial intelligence to identify potential malicious code. However, this is subject to creating false positives/negatives.

6
Q

IPS rules

A

You determine whether to block, allow, send alerts, etc.
