Term: IDS (intrusion detection system)
Definition: Alerts the user or administrator of a threat. Passive: it detects and reports but does not block.
Signature-based IDS: detects threats by matching traffic against a database of known vulnerabilities and attack patterns. The most common type of IDS; it cannot detect an attack for which it has no signature, so the signature database must be kept current.
Anomaly-based IDS: first identifies normal behavior by recording a performance baseline, then monitors network behavior against that baseline and alerts on significant deviations. It can catch novel attacks that have no signature, but it must be re-baselined whenever legitimate traffic patterns change, or the old baseline itself becomes a source of false alerts.
Term: IPS (intrusion prevention system)
Definition: Takes action against a threat. Active: it will detect and block attacks. Deployed in-line, so all traffic that passes through the IPS is inspected before it is forwarded. Because it sits in the traffic path, a misconfigured rule or an overloaded device blocks legitimate traffic too, and whether the unit fails open or fails closed is a deployment decision.
Term: HIDS (host-based intrusion detection system) [term missing from the page; inferred from the definition]
Definition: Runs on the protected host itself, so it sees local activity (processes, file changes, system logs) that a network sensor cannot. Can detect malicious activity missed by antivirus software.
Term: NIDS / NIPS (network-based IDS / IPS)
Definition: Installed on network devices such as routers, or fed by a switch SPAN port or network tap. Cannot inspect encrypted traffic, and cannot see activity confined to a specific host unless that malicious traffic causes noticeable disruption on the network. Both NIDSs and NIPSs include sniffing capabilities. You would install a NIPS in-line at the perimeter of the network, where all inbound and outbound traffic passes through it.
Term: False positive
Definition: An alert or alarm on an event that is non-threatening, benign or harmless. False negative: an attack that the system does not detect. The two trade off against each other through the IDS threshold (sensitivity): a threshold set too low (too sensitive) floods analysts with false positives until real alerts are ignored, while a threshold set too high lets attacks through as false negatives. Tune the threshold between the two so that false positives stay manageable without allowing false negatives, and revisit it as traffic changes.
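The following is an added example, not part of the original flashcards. It is a small Python toy IDS that exercises the IDS and False positive cards together: a signature engine matches known attack patterns in request paths, an anomaly engine compares per-client request counts against a performance baseline, and a threshold sweep shows how moving the anomaly threshold trades false positives for false negatives. All traffic, the baseline counts and the attacker labels are constructed for the example; the IP addresses, paths and signature regexes are assumptions, not real data or a real rule set.

```python
import re
import statistics
from collections import Counter

# Constructed evaluation window: (client IP, request path). Not captured from any real system.
EVAL_REQUESTS = (
    [("10.0.0.5", "/index.html")] * 5                                   # normal user
    + [("10.0.0.6", "/catalog?page=%d" % i) for i in range(7)]          # busy but legitimate user
    + [("10.0.0.7", "/admin/" + p) for p in "abcdefgh"]                 # directory brute force ...
    + [("10.0.0.7", "/../../etc/passwd")]                               # ... ending in a traversal probe
    + [("10.0.0.9", "/")] * 40                                          # request flood
    + [("10.0.0.8", "/login?user=admin'--")]                            # single low-and-slow SQLi probe
    + [("10.0.0.8", "/about.html")] * 5
)
# Ground truth for the constructed window, used only to score the detectors.
ATTACKERS = {"10.0.0.7", "10.0.0.8", "10.0.0.9"}

# --- Signature-based detection: known attack patterns (hypothetical rule set) ---
SIGNATURES = {
    "sql_injection":  re.compile(r"('|%27)\s*(--|or\b|union\b)", re.I),
    "path_traversal": re.compile(r"\.\./"),
    "xss":            re.compile(r"<script", re.I),
}

def signature_hits(requests):
    """Return (client, signature name, path) for every request matching a known pattern.
    Note what this misses: the flood and the brute force contain no known pattern."""
    hits = []
    for client, path in requests:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((client, name, path))
    return hits

# --- Anomaly-based detection: deviation from a performance baseline ---
# Requests per client per window observed during a quiet training period (constructed).
BASELINE_COUNTS = [4, 6, 4, 6, 4, 6]

def baseline():
    """Mean and population standard deviation of the training window."""
    return statistics.mean(BASELINE_COUNTS), statistics.pstdev(BASELINE_COUNTS)

def per_client_counts(requests):
    return Counter(client for client, _ in requests)

def anomalous_clients(requests, k):
    """Flag clients whose request count exceeds mean + k * stdev. k is the threshold knob."""
    mean, sd = baseline()
    limit = mean + k * sd
    return {c for c, n in per_client_counts(requests).items() if n > limit}

def confusion(requests, attackers, k):
    """(false positives, false negatives) of the anomaly detector at threshold k."""
    flagged = anomalous_clients(requests, k)
    clients = {c for c, _ in requests}
    false_positives = len(flagged - attackers)            # benign clients that were flagged
    false_negatives = len((clients & attackers) - flagged)  # attackers that slipped through
    return false_positives, false_negatives

def threshold_sweep(requests, attackers, ks=(0.5, 1, 3, 5)):
    """Show the tuning trade-off: a lower k catches more attackers but flags more benign clients."""
    return {k: confusion(requests, attackers, k) for k in ks}

if __name__ == "__main__":
    for client, name, path in signature_hits(EVAL_REQUESTS):
        print(f"signature  {name:15} {client} {path}")
    for k, (fp, fn) in threshold_sweep(EVAL_REQUESTS, ATTACKERS).items():
        flagged = sorted(anomalous_clients(EVAL_REQUESTS, k))
        print(f"anomaly k={k:<4} false positives={fp} false negatives={fn} flagged={flagged}")
```

Running it shows why the two approaches are layered in practice: the signature engine finds the traversal and the SQL injection probe but is blind to the flood and the brute force, while the anomaly engine catches the volume-based attacks but, as k rises, first drops the busy legitimate client (false positive gone) and then the low-and-slow SQL injection client (a false negative the signature engine still covers).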
Term: TLS accelerator
Definition: A hardware device (or add-in card) dedicated to handling TLS traffic. It offloads the CPU-intensive TLS handshake and cryptographic operations from the servers behind it, speeding up web-based transactions that use TLS. A TLS accelerator should be placed near the devices it serves, such as a web server (most commonly running HTTPS).
Term: SSL/TLS decryptor [term missing from the page; inferred from the definition]
Definition: Decrypts TLS traffic so that inspection devices (IDS/IPS, DLP, antimalware) can see the plaintext, then re-encrypts it toward its destination. Used as a countermeasure against attacks hidden inside encrypted traffic, which a NIDS or NIPS cannot otherwise inspect. Usually placed in the DMZ / at the network perimeter. It is a deliberate man-in-the-middle, so clients must trust its certificate authority, and privacy-sensitive traffic (for example banking or health sites) is normally exempted from decryption.
Term: SDN (software-defined networking) [term missing from the page; inferred from the definition]
Definition: Uses virtualization to route and manage traffic in software instead of relying on the individual configuration of hardware routers and switches. The control plane (deciding where traffic goes, the job normally done by layer 3 devices) is separated from the data plane (forwarding it) and handled by a central controller. Essentially virtualization of the network layer, which also makes the controller a high-value target that must be hardened and access-controlled.