Intrusion Detection and Prevention Systems
20 Questions

Questions and Answers

What is a key characteristic of a bastion host?

  • Runs multiple services simultaneously
  • Runs a secure O/S with only essential services (correct)
  • Requires no user authentication to access the proxy
  • Has a large disk storage capacity

What is a zero-day attack?

  • A type of malware that spreads slowly
  • A type of firewall configuration
  • A type of network traffic monitoring system
  • A type of computer attack that exploits software vulnerabilities (correct)

What is an advantage of an IDS?

  • It slows down network traffic to inspect packets
  • It works passively and does not affect network traffic (correct)
  • It requires a lot of system resources to operate
  • It is an active device that blocks malicious traffic

What is a limitation of a bastion host?

  • It has limited disk storage capacity (correct)

What is a key feature of an IDS?

  • It generates an alert when it detects malicious traffic (correct)

What is the primary goal of a bastion host?

  • To act as a platform for an application-level or circuit-level gateway (correct)

What is the primary objective of Authentication in secure communications?

  • Guarantees that the message is not a forgery and comes from the correct source (correct)

What type of encryption technique is used in DES operation?

  • Symmetric encryption (correct)

What is the purpose of a ping sweep in reconnaissance attacks?

  • To gather information about network hosts (correct)

What type of attack is difficult to eliminate because it requires little effort to execute?

  • DoS attack (correct)

What is the purpose of Integrity in secure communications?

  • To guarantee that the message is not intercepted and altered (correct)

What is the result when two identical plaintext blocks are encrypted using the same key in ECB mode?

  • The ciphertext blocks are the same (correct)

What is the primary objective of Confidentiality in secure communications?

  • To guarantee that the message is not decipherable if captured (correct)

What type of encryption method is used in block ciphers?

  • Symmetric encryption (correct)

What is the main disadvantage of an Intrusion Detection System (IDS)?

  • It can't stop trigger packets, only respond after the fact (correct)

What is the main advantage of an Intrusion Prevention System (IPS)?

  • It can detect and respond to threats in real time (correct)

What is one of the advantages of using an IDS over an IPS?

  • An IDS has no impact on network traffic (correct)

What is the main benefit of using stream normalization techniques in an IPS?

  • It reduces the IPS's impact on network traffic (correct)

What is the main disadvantage of an IPS compared to an IDS?

  • An IPS has a higher impact on network traffic (correct)

What is one of the limitations of an IDS?

  • It requires correct tuning for response actions (correct)

Study Notes

Modes of Deployment

• Host-Based IPS and Network-Based IPS are two modes of deployment
• Promiscuous Mode and Inline Mode are two deployment modes

Alarm Triggering Mechanisms

• Alarm triggering mechanisms are used to detect and respond to potential security threats

Advantages and Disadvantages of IDS and IPS

• IDS Advantages: no impact on network, no network impact if sensor fails or is overloaded
• IDS Disadvantages: response action cannot stop trigger packets, requires correct tuning, vulnerable to network security evasion techniques
• IPS Advantages: stops trigger packets, can use stream normalization techniques
• IPS Disadvantages: sensor issues might affect network traffic, sensor overloading impacts network, some impact on network

Bastion Hosts

• A bastion host is a critical strong point in the network's security
• Characteristics: runs a secure O/S, requires user authentication, restricts features and hosts accessed, small and simple, independent, non-privileged, limited disk use

Zero-Day Attacks

• A zero-day attack is a computer attack that tries to exploit software vulnerabilities
• Zero-hour describes the moment when the exploit is discovered

Intrusion Detection Systems (IDS)

• An IDS works passively, requires traffic to be mirrored, does not slow network traffic, monitors traffic offline, and generates an alert when it detects malicious traffic
• Types of malicious traffic: reconnaissance attacks, access attacks, denial of service attacks
• Reconnaissance attacks include: internet information queries, ping sweeps, port scans, packet sniffers

Denial of Service (DoS) Attacks

• Types of DoS attacks include: ping of death, smurf attack, TCP SYN flood attack, packet fragmentation and reassembly, email bombs, CPU hogging, malicious applets, misconfiguring routers, chargen attack, out-of-band attacks

Securing Communications

• Authentication: guarantees message authenticity
• Integrity: guarantees message integrity, similar to a checksum function
• Confidentiality: guarantees message confidentiality, ensures a captured message cannot be deciphered

Encryption

• Symmetric Encryption Techniques: block ciphers, stream ciphers
• Data Encryption Standard (DES): ECB mode serially encrypts each 64-bit plaintext block using the same 56-bit key, vulnerable to attacks if identical plaintext blocks are encrypted using the same key

Quiz Team

Description

This quiz covers the modes of deployment, alarm triggering mechanisms, and advantages and disadvantages of IDS and IPS. Test your understanding of host-based and network-based IPS and more.