Which of the following security architecture elements also has sniffer functionality? (Select TWO).
A.
HSM
B.
IPS
C.
SSL accelerator
D.
WAP
E.
IDS
Explanation:
Sniffer functionality means the ability to capture and analyze the content of data packets as they are
transmitted across the network.
IDS and IPS systems perform their functions by capturing and analyzing the content of data packets.
An intrusion detection system (IDS) is a device or software application that monitors network or system
activities for malicious activities or policy violations and produces reports to a management station. IDS
come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways.
There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may
attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system.
Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents,
logging information about them, and reporting attempts. In addition, organizations use IDPSes for other
purposes, such as identifying problems with security policies, documenting existing threats and deterring
individuals from violating security policies. IDPSes have become a necessary addition to the security
infrastructure of nearly every organization.
IDPSes typically record information related to observed events, notify security administrators of
important observed events and produce reports. Many IDPSes can also respond to a detected threat by
attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS
stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing
the attack’s content.
Incorrect Answers:
A: A hardware security module (HSM) is a physical computing device that safeguards and manages digital
keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the
form of a plug-in card or an external device that attaches directly to a computer or network server. An
HSM does not have sniffer functionality.
C: SSL acceleration is a method of offloading the processor-intensive public-key encryption algorithms
involved in SSL transactions to a hardware accelerator. An SSL accelerator does not have sniffer
functionality.D: A WAP (Wireless Access Point) is a device used to create a wireless network. A WAP receives and
transmits data packets over a wireless network connection. However, a WAP does not have sniffer
functionality.http://en.wikipedia.org/wiki/Intrusion_detection_system
http://en.wikipedia.org/wiki/Hardware_security_module
http://en.wikipedia.org/wiki/SSL_acceleration
Intrusion Detection Systems and Intrusion Protection Systems both have the ability of sniffing data for anomalies. They make use of Protocol analysers to that avail.
If they could not do that, they would be completely useless a detecting and stopping attacks.
0
0