Detection and Prevention

You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services.
Which tool should you use?
Port scanner.
Which of the following devices is capable of detecting and responding to security threats?
Which of the following functions can a port scanner provide?
Determine which ports are open on a firewall.
Discover unadvertised servers.
Which of the following devices can monitor a network and detect potential security attacks?
You are concerned about protecting your network from network-based attacks from the Internet. Specifically, you are concerned about “zero day” attacks (attacks that have not yet been identified or that do not have prescribed protections).
Which type of device should you use?
Anomaly based IDS>
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
Signature based.
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when possible to stop or prevent the attack
Which tool should you use?
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
Which solution should you implement?
Host based IDS.
What is the most common form of based IDS that employs signature or pattern matching detection methods?
Anti-virus software.
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?
What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack?
An alert is generated and delivered via Email, the console, or an SNMP trap.
The IDS logs all pertinent data about the intrusion.