Config Router

You are here: Home / Cisco / Network Security FAQ: Intrusion Detection System Concepts

Network Security FAQ: Intrusion Detection System Concepts

by

Network Security FAQ: Intrusion Detection System Concepts

Q1. List two weaknesses of the signature-based IDS.

Answer: Weaknesses of the signature-based IDS include the following:

  • High false positive rate
  • Evasion susceptibility
  • Single vulnerability may require multiple signatures
  • Continuous updates required
  • Cannot detect unknown attacks

Q2. Why does the deployment of a policy-based IDS take a long time?

Answer: Deployment of policy-based IDS is lengthy because all the security policy rules of the company must be programmed into the IDS.

Q3. Which IDS is not limited by bandwidth restrictions or data encryption?

Answer: A host IDS is not limited by bandwidth restrictions or data encryption.

Q4. Which IDS is very challenging in a switched environment?

Answer: A network IDS is very challenging in a switched environment because traffic is aggregated only on the backplanes of the devices.

Q5. Name the two main components of a Cisco host IDS.

Answer: The two main components of a Cisco host IDS are as follows:

  • Cisco Secure Agent
  • Cisco Management Station

Q6. Name the two interfaces of a network IDS.

Answer: The two interfaces of a network IDS are as follows:

  • Monitoring or capturing interface
  • Command and control interface

Q7. What are the three main components of a network IDS?

Answer: The three main components of a network IDS are the network sensor, the network management station, and the communication channel.

Q8. List three responses to events or alerts.

Answer: IDSs can respond to attacks in a few different ways. IDSs can actively terminate the session, block the attacking host, or passively create IP session logs.

Q9. What two processes are in place to automate sensor maintenance?

Answer: Automatic updates (auto update server) and active update notification are two ways to automate sensor maintenance.

Q10. The RDEP protocol communication consists of what two message types?

Answer: The RDEP protocol communication consists of two message types: the RDEP request and the RDEP response message. These messages can be event messages or IP log messages.