Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in
order to properly function?
A.
Fast processor to help with network traffic analysis
B.
They must be dual-homed
C.
Similar RAM requirements
D.
Fast network interface cards
Explanation:
Dual-homed or dual-homing can refer to either an Ethernet device that has more than one network interface, for
redundancy purposes, or in firewall technology, dual-homed is one of the firewall architectures, such as an IDS/
IPS system, for implementing preventive security.
References: https://en.wikipedia.org/wiki/Dual-homed
I think this is a pretty poor question.
Something in the path of traffic such as a proxy or IPS does need significant processing to analyze and decrypt/encrypt without killing production bandwidth. Sufficient network interfaces line rate is also important. For example a gigabit interface may be OK for most internet connections but 10/40/100 Gb may be required to firewall traffic inside a larger data center.
An IDS is out of the production pathway (e.g. TAP mod) and processing is not as critical.
Regarding dual-homed / two-arm mode, saying it must be deployed this was is bullshit. For example you can deploy a proxy / IPS in one-arm mode (e.g. in a DMZ) and have two sets of zone pair rules on the firewall to route / NAT / enforce policy (e.g. outside / DMZ; DMZ / inside). I would generally prefer not to have multiple (e.g. via firewall, via proxy) parallel paths into the trusted network as it increases the attack surface and chance for pivot.