Securing Your Network Flashcards

1
Q

IDS

A

Intrusion Detection System

  • Monitor network (protocol analyzer)
  • send alerts when suspicious activity detected
  • Out of band or passive - monitors a copy of the traffic, but the traffic itself does not pass through the IDS
  • IDS responds to attack AFTER it has started - alerts, modify ACLs, close offending process, divert attack to honeypot
2
Q

IPS

A

Intrusion Prevention System

  • Monitor network (protocol analyzer)
  • Detect, react, prevent attacks
  • inline (in-band) with traffic - all traffic passes through, so the IPS can block malicious traffic to prevent attacks
3
Q

HIDS

A

Host-Based Intrusion Detection System

  • Software
  • Monitors network traffic to the host it’s installed on
  • Monitors applications installed on host
  • Protect local OS files
  • May be installed on workstations in addition to antivirus - can detect malware antivirus would miss
4
Q

NIDS

-What can’t it do?

A

Network-Based Intrusion Detection System

  • Monitors activity on network
  • Sensors on routers and firewalls
  • Report to monitoring server hosting NIDS console
  • Cannot detect anomalies on individual workstations
  • Cannot decrypt encrypted network traffic
  • Can use a tap or port mirror on a switch/router as a sensor - port mirroring copies all switch traffic to a single port
5
Q

HIPS

A

Host-Based Intrusion Prevention System

6
Q

NIPS

A

Network-Based Intrusion Prevention System

  • NIPS more common than HIPS
  • May use SSL decryptor to read encrypted traffic
7
Q

IEEE 802.1X

A

IEEE 802.1X

  • Port-based authentication protocol
  • Port security
  • Wired or wireless
  • Prevents rogue devices from connecting
  • Usernames/passwords or certificates
  • Can combine with VLAN: 802.1X server grants access to clients that authenticate; directs others to VLAN guest network
  • Can be implemented as RADIUS or Diameter server - authenticate VPN clients before they connect
  • supplicant SW runs on clients
  • authenticator - network device acting as a “gatekeeper” to the network, typically a switch or Wireless LAN Controller (WLC). It prevents access to the network (if configured to do so) until the authentication server tells it otherwise. The authenticator takes the messages from the supplicant, encapsulates them in RADIUS and sends them to the authentication server for processing
  • authentication server - decides if clients can access NW

-EAP conversation takes place between the supplicant and the authentication server, with the authenticator just acting as a middle man and tunnelling the messages in RADIUS.
