Incident Response Plans for Network Attacks

Questions and Answers

What capability do ICE (Intrusion Countermeasure Equipment) agents have in the event of an intrusion detection alert?

Automatically lock down a network or increase access security to critical resources

What is one purpose of redirecting or misdirecting an attacker to secured segmented areas?

Preventing access to secured resources and gaining time to trace or track the intruder

What is the purpose of forensic analysis of infected systems after identifying an attack?

To detect information about the identity of the attacker for potential legal action

What should be done with the analysis of successful intrusions to harden systems against additional attempts?

Use it to strengthen systems against similar future attempts

What is the problem with intrusion detection systems (IDSs) according to the text?

They are passive and reactive