Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity?

How does an IPS differ from an IDS?

A. An IPS is passive and an IDS is active.

B. An IPS uses heuristics and an IDS is signature-based.

C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.

D. An IDS will block, reject, or redirect unwanted traffic; an IPS will only send an alert.

Intrusion Detection and Prevention Systems

Terms in this set (9)

Intrusion Detection System (IDS)

A security system that detects inappropriate or malicious activity on a computer network

Host-based IDS (HIDS)

Examines activity on an individual system, such as a mail server, web server, or individual PC. It is concerned only with an individual system and usually has no visibility into the activity on the network or systems around it.

Network-based IDS (NIDS)

Examines activity on the network itself. It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems.

Traffic collector (or sensor)

Collects activity/events for the IDS to examine. On a HIDS, this could be log files, audit logs, or traffic coming to or leaving a specific system. On a NIDS, this is typically a mechanism for copying traffic off the network link - basically functioning as a sniffer. This component is often referred to as a sensor.

*Logical component of an IDS

Analysis engine

Examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brains" of the IDS.

*Logical component of an IDS

Signature database

A collection of patterns and definitions of known or suspicious activity.

*Logical component of an IDS

User interface and reporting

Interfaces with the human element, providing alerts when appropriate and giving the user a means to interact with and operate the IDS.

*Logical component of an IDS

Content-based signatures

Designed to examine the content of such things as network packets or log entries. They are typically easy to build and look for simple things.

Context-based signatures

More complicated than content-based signatures. They are designed to match large patterns of activity and e

What examines the collected network traffic and compares it to known patterns of suspicious activity stored in the signature database?

Examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brains" of the IDS. -An IDS model where the IDS must know what "normal" behavior on the host or network being protected really is.

Which component of an IDS collects activity events for the IDS to examine?

The analysis engine is the "brains" of the IDS. A collection of patterns and definitions of known or suspicious activity. Interfaces with the human element, providing alerts when appropriate and giving the user a means to interact with and operate the IDS.

What component does a network-based IDS use to scan traffic? A sniffer or sensor.

Which term defines a collection of predefined activity patterns that have already been identified and categorized?

Signature database. A collection of activity patterns that have already been identified and categorized and that typically indicate suspicious or malicious activity.