An administrator is looking to implement a security device which will be able not only to detect network
intrusions at the organization level, but also help to defend against them.
Which of the following is being described here?
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by
analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity,
log information about this activity, attempt to block/stop it, and report it
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused
attacks, such as bandwidth-based DoS attacks.
C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single
host for suspicious activity by analyzing events occurring within that host.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It’s reliable for detecting
attacks directed against a host, whether they originate from an external source or are being perpetrated by a
user locally logged in to the host.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21