Network Security FAQ: Intrusion Detection System Concepts
Q1. List two weaknesses of the signature-based IDS.
Answer: Weaknesses of the signature-based IDS include the following:
- High false positive rate
- Evasion susceptibility
- A single vulnerability may require multiple signatures
- Continuous updates required
- Cannot detect unknown attacks
Q2. Why does the deployment of a policy-based IDS take a long time?
Q3. Which IDS is not limited by bandwidth restrictions or data encryption?
Q4. Which IDS is very challenging in a switched environment?
Q5. Name the two main components of a Cisco host IDS.
Answer: The two main components of a Cisco host IDS are as follows:
- Cisco Secure Agent
- Cisco Management Station
Q6. Name the two interfaces of a network IDS.
Answer: The two interfaces of a network IDS are as follows:
- Monitoring or capturing interface
- Command and control interface
Q7. What are the three main components of a network IDS?
Q8. List three responses to events or alerts.
Q9. What two processes are in place to automate sensor maintenance?
Q10. The RDEP protocol communication consists of what two message types?