PrepAway - Latest Free Exam Questions & Answers

Which of the following would the security department im…

A security department notices that the ports on an FTP server are experiencing a high rate of traffic, preventing
legitimate traffic from reaching the server.
Which of the following would the security department implement to identify and trap new attacks?

A. Honeynet

B. IDS

C. HIPS

D. ACL

E. Firewall

Explanation:
https://en.wikipedia.org/wiki/Intrusion_detection_system

2 Comments on “Which of the following would the security department im…

  1. Mike says:

    Shouldn’t this be A: Honeynet?

    A: In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site, but is actually isolated and monitored, and that seems to contain information or a resource of value to attackers, who are then blocked. This is similar to the police baiting a criminal.

    Two or more honeypots on a network form a honey net. Typically, a honey net is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient.

    B: An IDS is a passive detection system. It can detect the presence of an attack, log the information, and send an alert (so it does NOT “trap” attacks).

    C: An intrusion prevention system (IPS) includes the functionality of an IDS. However, an IPS is an active device that continually scans the network, looking for inappropriate activity. It can shut down any potential threats. The IPS looks for any known signatures of common attacks and automatically tries to prevent those attacks.

    But “C” is a host-based IPS and since they are talking about an FTP server this can’t be the answer.

    D and E: I hope that a security department hasn’t forgotten to implement these… but they could be right if multiple answers are allowed.



