Which of the following technologies is used to detect unauthorized attempts to access and
manipulate computer systems locally or through the Internet or an intranet?
A.
Demilitarized zone (DMZ)
B.
Firewall
C.
Intrusion detection system (IDS)
D.
Packet filtering
Explanation:
An Intrusion detection system (IDS) is used to detect unauthorized attempts to access and
manipulate computer systems locally or through the Internet or an intranet. It can detect severaltypes of attacks and malicious behaviors that can compromise the security of a network and
computers. This includes network attacks against vulnerable services, unauthorized logins and
access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that
originate from within a system. In most cases, an IDS has three main components:
Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and
control sensors and to monitor events. An engine is used to record events and to generate security
alerts based on received security events. In many IDS implementations, these three components are
combined into a single device. Basically, following two types of IDS are used :
Network-based IDS
Host-based IDS
Answer option D is incorrect. Packet filtering is a method that allows or restricts the flow of specific
types of packets to provide security. It analyzes the incoming and outgoing packets and lets them
pass or stops them at a network interface based on the source and destination addresses, ports, or
protocols. Packet filtering provides a way to define precisely which type of IP traffic is allowed to
cross the firewall of an intranet. IP packet filtering is important when users from private intranets
connect to public networks, such as the Internet.
Answer option B is incorrect. A firewall is a tool to provide security to a network. It is used to protect
an internal network or intranet against unauthorized access from the Internet or other outside
networks. It restricts inbound and outbound access and can analyze all traffic between an internal
network and the Internet. Users can configure a firewall to pass or block packets from specific IP
addresses and ports.
Answer option A is incorrect. Demilitarized zone (DMZ) or perimeter network is a small network that
lies in between the Internet and a private network. It is the boundary between the Internet and an
internal network, usually a combination of firewalls and bastion hosts that are gateways between
inside networks and outside networks. DMZ provides a large enterprise network or corporate
network the ability to use the Internet while still maintaining its security.
Reference: “http://en.wikipedia.org/wiki/Intrusion-detection_system”