20 Questions
What is a key characteristic of a bastion host?
Runs a secure O/S with only essential services
What is a zero-day attack?
A type of computer attack that exploits software vulnerabilities
What is an advantage of an IDS?
It works passively and does not affect network traffic
What is a limitation of a bastion host?
It has limited disk storage capacity
What is a key feature of an IDS?
It generates an alert when it detects malicious traffic
What is the primary goal of a bastion host?
To act as a platform for an application-level or circuit-level gateway
What is the primary objective of Authentication in secure communications?
Guarantees that the message is not a forgery and comes from the correct source
What type of encryption technique is used in DES Operation?
Symmetric Encryption
What is the purpose of a ping sweep in reconnaissance attacks?
To gather information about network hosts
What type of attack is difficult to eliminate because it requires little effort to execute?
DoS Attack
What is the purpose of Integrity in secure communications?
To guarantee that the message is not intercepted and altered
What is the result when two identical plaintext blocks are encrypted using the same key in ECB mode?
The ciphertext blocks are the same
What is the primary objective of Confidentiality in secure communications?
To guarantee that the message is not decipherable if captured
What type of encryption method is used in Block Ciphers?
Symmetric Encryption
What is the main disadvantage of an Intrusion Detection System (IDS)?
It can't stop trigger packets, only respond after the fact.
What is the main advantage of an Intrusion Prevention System (IPS)?
It can detect and respond to threats in real-time.
What is one of the advantages of using an IDS over an IPS?
An IDS has no impact on network traffic.
What is the main benefit of using stream normalization techniques in an IPS?
It reduces the IPS's impact on network traffic.
What is the main disadvantage of an IPS compared to an IDS?
An IPS has a higher impact on network traffic.
What is one of the limitations of an IDS?
It requires correct tuning for response actions.
Study Notes
Modes of Deployment
- Host-Based IPS and Network-Based IPS are two modes of deployment
- Promiscuous Mode and Inline Mode are two deployment modes
Alarm Triggering Mechanisms
- Alarm triggering mechanisms are used to detect and respond to potential security threats
Advantages and Disadvantages of IDS and IPS
- IDS Advantages: no impact on network, no network impact if sensor fails or is overloaded
- IDS Disadvantages: response action cannot stop trigger packets, requires correct tuning, vulnerable to network security evasion techniques
- IPS Advantages: stops trigger packets, can use stream normalization techniques
- IPS Disadvantages: sensor issues might affect network traffic, sensor overloading impacts network, some impact on network
Bastion Hosts
- A bastion host is a critical strong point in the network’s security
- Characteristics: runs secure O/S, requires user authentication, restricts features and hosts accessed, small and simple, independent, non-privileged, limited disk use
Zero-Day Attacks
- A zero-day attack is a computer attack that tries to exploit software vulnerabilities
- Zero-hour describes the moment when the exploit is discovered
Intrusion Detection Systems (IDS)
- IDS works passively, requires traffic to be mirrored, does not slow network traffic, monitors traffic offline, generates an alert when detecting malicious traffic
- Types of malicious traffic: reconnaissance attacks, access attacks, denial of service attacks
- Reconnaissance attacks include: internet information queries, ping sweeps, port scans, packet sniffers
Denial of Service (DoS) Attacks
- Types of DoS attacks include: ping of death, smurf attack, TCP SYN flood attack, packet fragmentation and reassembly, email bombs, CPU hogging, malicious applets, misconfiguring routers, chargen attack, out-of-band attacks
Securing Communications
- Authentication: guarantees message authenticity
- Integrity: guarantees message integrity, similar to a checksum function
- Confidentiality: guarantees message confidentiality, ensures captured message cannot be deciphered
Encryption
- Symmetric Encryption Techniques: block ciphers, stream ciphers
- Data Encryption Standard (DES): ECB mode serially encrypts each 64-bit plaintext block using the same 56-bit key, vulnerable to attacks if identical plaintext blocks are encrypted using the same key
This quiz covers the modes of deployment, alarm triggering mechanisms, and advantages and disadvantages of IDS and IPS. Test your understanding of host-based and network-based IPS and more.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
