A company has proprietary mission critical devices connected to their network which are
configured remotely by both employees and approved customers. The administrator wants to
monitor device security without changing their baseline configuration. Which of the following
should be implemented to secure the devices without risking availability?

A.
Host-based firewall

B.
IDS

C.
IPS

D.
Honeypot

Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or
system activities for malicious activities or policy violations and produces reports to a management
station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in
different ways. There are network based (NIDS) and host based (HIDS) intrusion detection
systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor
expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily
focused on identifying possible incidents, logging information about them, and reporting attempts.
In addition, organizations use IDPSes for other purposes, such as identifying problems with
security policies, documenting existing threats and deterring individuals from violating security
policies. IDPSes have become a necessary addition to the security infrastructure of nearly every
organization.
IDPSes typically record information related to observed events, notify security administrators of
important observed events and produce reports. Many IDPSes can also respond to a detected
threat by attempting to prevent it from succeeding. They use several response techniques, which
involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a
firewall) or changing the attack’s content.