How does an IPS differ from an IDS?

A. An IPS is passive and an IDS is active.
B. An IPS uses heuristics and an IDS is signature-based.
C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.
D. An IDS will block, reject, or redirect unwanted traffic; an IPS will only send an alert.
Intrusion Detection and Prevention Systems

Terms in this set (9)

Intrusion Detection System (IDS): A security system that detects inappropriate or malicious activity on a computer network.

Host-based IDS (HIDS): Examines activity on an individual system, such as a mail server, web server, or individual PC. It is concerned only with an individual system and usually has no visibility into the activity on the network or systems around it.

Network-based IDS (NIDS): Examines activity on the network itself. It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems.

Traffic collector (or sensor): Collects activity/events for the IDS to examine. On a HIDS, this could be log files, audit logs, or traffic coming to or leaving a specific system. On a NIDS, this is typically a mechanism for copying traffic off the network link, basically functioning as a sniffer. This component is often referred to as a sensor. *Logical component of an IDS

Analysis engine: Examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brains" of the IDS. *Logical component of an IDS

Signature database: A collection of patterns and definitions of known or suspicious activity. *Logical component of an IDS

User interface and reporting: Interfaces with the human element, providing alerts when appropriate and giving the user a means to interact with and operate the IDS. *Logical component of an IDS

Content-based signatures: Designed to examine the content of such things as network packets or log entries. They are typically easy to build and look for simple things.

Context-based signatures: More complicated than content-based signatures. They are designed to match large patterns of activity and e
What examines the collected network traffic and compares it to known patterns of suspicious activity stored in the signature database?
Examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brains" of the IDS. -An IDS model where the IDS must know what "normal" behavior on the host or network being protected really is.

Which component of an IDS collects activity events for the IDS to examine?
The analysis engine is the "brains" of the IDS. A collection of patterns and definitions of known or suspicious activity. Interfaces with the human element, providing alerts when appropriate and giving the user a means to interact with and operate the IDS.

What component does a network-based IDS use to scan traffic?
A sniffer or sensor.

Which term defines a collection of predefined activity patterns that have already been identified and categorized?
Signature database. A collection of activity patterns that have already been identified and categorized and that typically indicate suspicious or malicious activity.