Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?
A.
HIPS
B.
Antivirus
C.
NIDS
D.
ACL
Explanation:
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or
system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity,
attempt to block/stop it, and report it.Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for
malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in- line and are able to actively prevent/
block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/
or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP
sequencing issues, and clean up unwanted transport and network layer options. Host-based intrusion prevention system (HIPS) is an installed software package
which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed
software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown
vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system.
Incorrect Answers:
B: Antivirus software provides protection against KNOWN viruses. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a
patch to prevent it) antivirus software cannot protect against it. This answer is therefore incorrect.
C: NIDS (network intrusion detection systems) are designed to detect attempts to gain access to the network. We need to protect a server from zero day attacks,
not the network. This answer is therefore incorrect.
D: This question asks for the BEST option. A HIPS may be able to detect a zero day attack and is therefore a better option. An ACL (access control list) can only
restrict access to resources.
This answer is therefore incorrect.http://en.wikipedia.org/wiki/Intrusion_prevention_system