CISSP® Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson, CISSP Official Study Guide, Sybex (2018)

Active Response
Active responses can modify the environment using several different methods. Typical responses include modifying ACLs to block traffic based on ports, protocols, and source addresses, and even disabling all communications over specific cable segments. For example, if an IDS detects a SYN flood attack from a single IP address, the IDS can change the ACL to block all traffic from this IP address. Similarly, if the IDS detects a ping flood attack from multiple IP addresses, it can change the ACL to block all ICMP traffic. An IDS can also block access to resources for suspicious or ill-behaved users. Security administrators configure these active responses in advance and can tweak them based on changing needs in the environment.
An IDS that uses an active response is sometimes referred to as an IPS 
(intrusion prevention system). This is accurate in some situations. However, 
an IPS (described later in this section) is placed in line with the traffic. If an 
active IDS is placed in line with the traffic, it is an IPS. If it is not placed in line 
with the traffic, it isn’t a true IPS because it can only respond to the attack 
after it has detected an attack in progress. NIST SP 800-94 recommends 
placing all active IDSs in line with the traffic so that they function as IPSs.
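The two active responses described above (blocking a single source after a SYN flood, blocking all ICMP after a distributed ping flood) and the in-line IPS behaviour from the note, as an added Python example that is not from the study guide. The packet model, the thresholds, the one-second evaluation window and the ACL rule syntax are all assumptions made for the illustration; a real NIDS would read live traffic and push rules to a firewall or router.

```python
"""Constructed example of IDS active response: detect floods per window,
add ACL rules, and (in-line / IPS mode) drop matching packets afterwards."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    ts: float           # arrival time in seconds
    src: str            # source IPv4 address
    proto: str          # "tcp" or "icmp"
    syn: bool = False   # TCP SYN (new connection attempt)


# Illustrative thresholds (assumptions, not values from the study guide).
WINDOW = 1.0            # evaluation window in seconds
SYN_PER_SRC = 50        # SYNs from one source per window -> SYN flood
ICMP_TOTAL = 100        # ICMP packets per window ...
ICMP_MIN_SOURCES = 5    # ... from at least this many sources -> ping flood


@dataclass
class Acl:
    """Minimal ACL: ordered deny rules with an implicit permit at the end."""
    rules: list = field(default_factory=list)

    def add(self, rule: str) -> bool:
        if rule in self.rules:          # do not duplicate an existing rule
            return False
        self.rules.append(rule)
        return True

    def permits(self, pkt: Packet) -> bool:
        for rule in self.rules:
            if rule == "deny icmp any any" and pkt.proto == "icmp":
                return False
            if rule == f"deny ip host {pkt.src} any":
                return False
        return True


def analyze_window(packets):
    """Inspect one window of traffic and return the ACL rules to add."""
    syns = defaultdict(int)
    icmp_sources, icmp_count = set(), 0
    for p in packets:
        if p.proto == "tcp" and p.syn:
            syns[p.src] += 1
        elif p.proto == "icmp":
            icmp_count += 1
            icmp_sources.add(p.src)
    rules = []
    for src, n in sorted(syns.items()):
        if n >= SYN_PER_SRC:                    # single-source SYN flood
            rules.append(f"deny ip host {src} any")
    if icmp_count >= ICMP_TOTAL and len(icmp_sources) >= ICMP_MIN_SOURCES:
        rules.append("deny icmp any any")       # distributed ping flood
    return rules


def run_ips(packets, acl=None):
    """In-line (IPS) mode: every packet is checked against the ACL before it
    is forwarded; rules produced by one window take effect for later windows.
    Returns (acl, forwarded packets, dropped packets)."""
    acl = Acl() if acl is None else acl
    forwarded, dropped = [], []
    by_window = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        by_window[int(p.ts // WINDOW)].append(p)
    for w in sorted(by_window):
        for p in by_window[w]:
            (forwarded if acl.permits(p) else dropped).append(p)
        for rule in analyze_window(by_window[w]):
            acl.add(rule)
    return acl, forwarded, dropped


def sample_traffic():
    """Constructed traffic: normal packets from 10.0.0.9, a SYN flood from
    10.0.0.5 in second 0, a ping flood from 20 sources in second 1, then a
    few packets in second 2 that show the response taking effect."""
    pkts = [Packet(0.1, "10.0.0.9", "tcp", syn=True), Packet(0.2, "10.0.0.9", "icmp")]
    pkts += [Packet(0.3 + i * 0.001, "10.0.0.5", "tcp", syn=True) for i in range(60)]
    pkts += [Packet(1.0 + i * 0.005, f"192.0.2.{i % 20 + 1}", "icmp") for i in range(120)]
    pkts += [Packet(2.0, "10.0.0.5", "tcp", syn=True),   # dropped: host rule
             Packet(2.1, "10.0.0.9", "icmp"),            # dropped: ICMP rule
             Packet(2.2, "10.0.0.9", "tcp", syn=True)]   # still forwarded
    return pkts


if __name__ == "__main__":
    acl, fwd, drp = run_ips(sample_traffic())
    print("ACL after response:", acl.rules)
    print(f"forwarded={len(fwd)} dropped={len(drp)}")
```

Note the side effect the text warns about: the ICMP rule blocks the legitimate ping from 10.0.0.9 as well, which is why administrators tune these responses in advance rather than letting them fire blindly. A passive (non-in-line) IDS would run `analyze_window` and `acl.add` in the same way but could not drop anything itself; the `permits` check is what only an IPS can enforce.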

Chapter 17: Preventing and Responding to Incidents (page 760)
Host- and Network-Based IDSs
IDS types are commonly classified as host based and network based. A host-based IDS (HIDS) monitors a single computer or host. A network-based IDS (NIDS) monitors a network by observing network traffic patterns.
A less-used classification is an application-based IDS, which is a specific type of network-based IDS. It monitors specific application traffic between two or more servers. For example, an application-based IDS can monitor traffic between a web server and a database server looking for suspicious activity.