IPS vs Application Control

Play an AI-generated podcast conversation about this lesson

What is the main focus of IPS signatures?

Understanding and exposing the structure of industrial protocols

Detection of software version-based vulnerabilities

Protocol detection at various levels

Detection of exploits of industrial controller software (correct)

What is the primary focus of application control signatures?

Protocol detection at various levels (correct)

Detection of exploits of industrial controller software

Detection of software version-based vulnerabilities

Understanding and exposing the structure of industrial protocols

Which protocols are mentioned as being understood and exposed by the Fortinet flow engine?

HTTP, FTP, SMTP, SNMP

Modbus, IEC 104, DNP3, OPC, Siemens S7 (correct)

TCP, UDP, IP, ICMP

SSH, SSL, TLS, RDP

What is the purpose of deep packet inspection (DPI) and intrusion prevention system (IPS) signatures for IC'S protocols and applications context logging?

To detect industrial software and software version-based vulnerabilities Signup and view all the answers

What type of vulnerabilities were several versions of Schneider Electric Accutech Manager vulnerable to?

SQL injection attacks Signup and view all the answers

What do application control signatures detect in the context of protocols and telecontrol messages?

Protocols used in the applications and contents of the telecontrol messages Signup and view all the answers

What is the purpose of the protocol dissectors in the Fortinet flow engine?

To understand and expose the structure of industrial protocols Signup and view all the answers

What is the common action taken by both IPS and application control in terms of log and application context?

Send to syslog servers FortiAnalyzer, FortiSIEM, and so on Signup and view all the answers

What is the focus of IPS in terms of vulnerability detection?

Industrial software and software version-based vulnerabilities Signup and view all the answers

What aspect of the telecontrol messages do application control signatures detect?

Contents of the telecontrol messages, like function codes, object types, and so on Signup and view all the answers

What is the primary purpose of intrusion prevention system (IPS) signatures?

Detection of exploits of industrial controller software Signup and view all the answers

What feature can be used to refuse traffic from an attacker's IP-address?

Source quarantine Signup and view all the answers

What can be done if matching signatures are not found in the database?

Create custom signatures Signup and view all the answers

Which feature can be used to save a copy of packets that match any signatures included in the filter?

Packet logging Signup and view all the answers

What is the subset of signatures in the database that are normally set to monitor?

Rate-based signatures Signup and view all the answers

What does the application control feature consider first if application or filter overrides are configured?

Application and filter overrides Signup and view all the answers

What does the quarantine feature of application control refuse based on?

Attacker's IP-address Signup and view all the answers

What is used to block outgoing connections to botnet sites or record log messages?

Block botnet C&C communication Signup and view all the answers

What does the baseline-built environment provide?

Baseline for anomalous activity Signup and view all the answers

What can be applied to provide alerts on anomalous activity outside of the baseline?

Baseline-built environment Signup and view all the answers

What can be used for more granular application control?

Ingress and egress application sensors Signup and view all the answers

What can be used to detect industrial protocols and perform granular message type identification?

Granular message type identification Signup and view all the answers

What can be used to help define allowlist policy?

Application signatures Signup and view all the answers