PrepAway - Latest Free Exam Questions & Answers

Which of the following answers presents the MOST significant threat to network based IDS or IPS systems?

A. Encrypted Traffic
B. Complex IDS/IPS Signature Syntax
C. Digitally Signed Network Packets
D. Segregated VLANs

Explanation:
Encrypted network packets present the biggest threat to an effective IDS/IPS plan because the network traffic cannot easily be decoded and examined. The IDS cannot examine encrypted packets to determine whether they carry a threat, so in most cases the traffic is simply forwarded along with the potential threat.

There is an industry in which a company provides examination services for your network traffic, acting like a proxy server for all of it. You simply send them copies of your certificates so they can decode the traffic. This is common in the financial industry, where violating federal law or being sued by federal investigators for insider trading can lead to business collapse. The external company examines all the network traffic coming and going from your network for potential liabilities.

Incorrect Answers:
B: Complex IDS/IPS Signature Syntax: IDS/IPS signatures can be complex, but this is not the MOST significant threat to the functionality of an IDS/IPS system.
C: Digitally Signed Network Packets: This is not a threat to IDS/IPS systems looking for dangerous network traffic.
D: Segregated VLANs: These are only a threat if the IDS/IPS system is not monitoring traffic on the segregated VLAN. VLANs can present barriers to IDS/IPS systems spotting dangerous traffic. There is an easy solution: place an IDS/IPS sensor on that VLAN and set it up to send its traffic to the IDS/IPS management system.

