2 cissp ® Official Study Guide Eighth Edition


Recognize IDS/IPS responses



Download 19,3 Mb.
Pdf ko'rish
bet741/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   737   738   739   740   741   742   743   744   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Recognize IDS/IPS responses.
An IDS can respond passively by logging and sending noti-
fications or actively by changing the environment. Some people refer to an active IDS as an 
IPS. However, it’s important to recognize that an IPS is placed in line with the traffic and 
includes the ability to block malicious traffic before it reaches the target.
Understand the differences between HIDSs and NIDSs.
Host-based IDSs (HIDSs) can 
monitor activity on a single system only. A drawback is that attackers can discover and dis-
able them. A network-based IDS (NIDS) can monitor activity on a network, and a NIDS 
isn’t as visible to attackers.
Understand honeypots, padded cells, and pseudo flaws.
A honeypot is a system that often 
has pseudo flaws and fake data to lure intruders. Administrators can observe the activity of 
attackers while they are in the honeypot, and as long as attackers are in the honeypot, they 
are not in the live network. Some IDSs have the ability to transfer attackers into a padded 
cell after detection. Although a honeypot and padded cell are similar, note that a honeypot 
lures the attacker but the attacker is transferred into the padded cell.
Understand methods to block malicious code.
Malicious code is thwarted with a com-
bination of tools. The obvious tool is anti-malware software with up-to-date definitions 
installed on each system, at the boundary of the network, and on email servers. However, 

794
Chapter 17 

Preventing and Responding to Incidents
policies that enforce basic security principles, such as the principle of least privilege, pre-
vent regular users from installing potentially malicious software. Additionally, educating 
users about the risks and the methods attackers commonly use to spread viruses helps users 
understand and avoid dangerous behaviors.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   737   738   739   740   741   742   743   744   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish