Module 11: IDS and IPS Technologies

Question 1

What is IPS?

Answer 1

Intrusion protection system this can actively stop a attack

Question 2

What is IDS

Answer 2

Intrusion detection system it passively monitors the traffic

Question 3

What is a Zero Day attack

Answer 3

A attack in which the user has had 0 time or days to prepare for. a new unknown hack

Question 4

What are the 2 kind of IPS implementations

Answer 4

NIPS AND HIPS

Question 5

What is HIPS?

Answer 5

Hardware IPS - windows defender

Question 6

What is NIPS

Answer 6

Network IPS - usually a router or firewall config

Question 7

What 3 components must a NIPS have

Answer 7

NIC, a processor and memory

Question 8

What are the 2 modes of deployment for a IPS or IDS sensor?

Answer 8

Inline mode or promiscuous mode

Question 9

What is IPS detection and enforcement engine ?

Answer 9

the detection engine compares incoming traffic with known attack signatures that are included in the IPS attack signature package.

Question 10

What is IPS attack signatures package ?

Answer 10

This is a list of known attack signatures that are contained in one file which can be frequently updated

Question 11

What series router can SNORT run on?

Answer 11

the Cisco 4000 series

Question 12

How does SNORT run in a router?

Answer 12

In a virtual service container which is a VM that runs on the router itself