Questions and Answers
What is the main focus of IPS signatures?
- Understanding and exposing the structure of industrial protocols
- Detection of software version-based vulnerabilities
- Protocol detection at various levels
- Detection of exploits of industrial controller software (correct)
What is the primary focus of application control signatures?
- Protocol detection at various levels (correct)
- Detection of exploits of industrial controller software
- Detection of software version-based vulnerabilities
- Understanding and exposing the structure of industrial protocols
Which protocols are mentioned as being understood and exposed by the Fortinet flow engine?
- HTTP, FTP, SMTP, SNMP
- Modbus, IEC 104, DNP3, OPC, Siemens S7 (correct)
- TCP, UDP, IP, ICMP
- SSH, SSL, TLS, RDP
What is the purpose of deep packet inspection (DPI) and intrusion prevention system (IPS) signatures for ICS protocols and applications context logging?
What type of vulnerabilities were several versions of Schneider Electric Accutech Manager vulnerable to?
What do application control signatures detect in the context of protocols and telecontrol messages?
What is the purpose of the protocol dissectors in the Fortinet flow engine?
What is the common action taken by both IPS and application control in terms of log and application context?
What is the focus of IPS in terms of vulnerability detection?
What aspect of the telecontrol messages do application control signatures detect?
What is the primary purpose of intrusion prevention system (IPS) signatures?
What feature can be used to refuse traffic from an attacker's IP address?
What can be done if matching signatures are not found in the database?
Which feature can be used to save a copy of packets that match any signatures included in the filter?
What is the subset of signatures in the database that are normally set to monitor?
What does the application control feature consider first if application or filter overrides are configured?
What does the quarantine feature of application control refuse based on?
What is used to block outgoing connections to botnet sites or record log messages?
What does the baseline-built environment provide?
What can be applied to provide alerts on anomalous activity outside of the baseline?
What can be used for more granular application control?
What can be used to detect industrial protocols and perform granular message type identification?
What can be used to help define allowlist policy?