GCGA Ch. 4 Exploring Advanced Security Devices (ST) Flashcards
(7 cards)
IDS
intrusion detection system - inspects network traffic in order to detect malicious activity or policy violations; out-of-band, passive.
IPS
intrusion prevention system - monitors network traffic and takes automated actions to prevent threats, such as blocking or terminating connections. Placed in-line (in-band) with traffic and can stop attacks before they reach the internal network; can actively monitor data streams, detect malicious content, and prevent it from reaching a network.
HIDS vs NIDS
HIDS can detect attacks on local systems such as workstations and servers. The HIDS monitors local resources on the host and can detect some malware that isn’t detected by traditional antivirus software. A network-based IDS (NIDS) detects attacks on networks.
Signature-based IDS or IPS
uses signatures to detect known attacks or vulnerabilities.
Trend-based IDS
(also called anomaly-based IDS) requires a baseline and detects attacks based on anomalies, i.e., when traffic is outside expected boundaries.
SCADA network
Supervisory Control And Data Acquisition - an architecture that enables industrial organizations to manage, monitor, and control processes, machines, and plants.
Honeypots & honeynets
appear to have valuable data and attempt to divert attackers away from live networks. Security personnel use them to deceive attackers, disrupt attacks, and observe attackers’ current attack methodologies. A honeyfile is a file designed to attract the attention of an attacker. Honeytokens are fake records inserted into databases to detect data theft.