How does an IPS differ from an IDS?
A. An IPS is passive and an IDS is active.
B. An IPS uses heuristics and an IDS is signature-based.
C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.
D. An IDS will block, reject, or redirect unwanted traffic; an IPS will only send an alert.
Intrusion Detection and Prevention Systems
Terms in this set (9)
Intrusion Detection System (IDS)
A security system that detects inappropriate or malicious activity on a computer network
Host-based IDS (HIDS)
Examines activity on an individual system, such as a mail server, web server, or individual PC. It is concerned only with an individual system and usually has no visibility into the activity on the network or systems around it.
Network-based IDS (NIDS)
Examines activity on the network itself. It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems.
Traffic collector (or sensor)
Collects activity/events for the IDS to examine. On a HIDS, this could be log files, audit logs, or traffic coming to or leaving a specific system. On a NIDS, this is typically a mechanism for copying traffic off the network link - basically functioning as a sniffer. This component is often referred to as a sensor.
*Logical component of an IDS
Analysis engine
Examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brains" of the IDS.
*Logical component of an IDS
Signature database
A collection of patterns and definitions of known or suspicious activity.
*Logical component of an IDS
User interface and reporting
Interfaces with the human element, providing alerts when appropriate and giving the user a means to interact with and operate the IDS.
*Logical component of an IDS
Content-based signatures
Designed to examine the content of such things as network packets or log entries. They are typically easy to build and look for simple things.
Context-based signatures
More complicated than content-based signatures. They are designed to match large patterns of activity and e