What are the key capabilities of Blumira as an IDS tool?
Blumira is a Security Information and Event Management (SIEM) platform that monitors IT infrastructure for suspicious activity and enables responses to in-progress attacks.
Describe Signature-Based Intrusion Detection.
Signature-Based Intrusion Detection compares network traffic and log data against known attack patterns, which allows it to detect recognized threats with high accuracy.
Why is continuous monitoring and updating essential for an IDS?
Continuous monitoring and updating are essential because they let an IDS adapt to evolving threats and vulnerabilities, so it remains able to detect and respond to new attack methods.
How does an IDS differ from an Intrusion Prevention System (IPS)?
An IDS detects and sends alerts about potential threats but does not take action to block them, whereas an IPS both detects and actively prevents or blocks threats.
Describe a Network-Based IDS (NIDS).
A Network-Based IDS (NIDS) uses sensors placed at key network points, such as the DMZ or network perimeter, to monitor inbound and outbound traffic. Multiple instances may be necessary depending on network architecture.
What are masqueraders and how do they operate?
Masqueraders are outsiders without authorized access to a network. They use various methods such as Distributed Denial of Service (DDoS) attacks and injection attacks to breach security.
What features does the SolarWinds Security Event Manager offer?
SolarWinds Security Event Manager integrates log data for both network-based and host-based IDS, detects malicious attacks using customizable rules, and employs both signature-based and anomaly-based detection methods.
What is Anomaly-Based Intrusion Detection and what is its main drawback?
Anomaly-Based Intrusion Detection uses machine learning to create baselines of trustworthy activity. It detects deviations from these baselines but is prone to false alarms from legitimate yet unusual network traffic.
What is an IDS and what does it do?
An Intrusion Detection System (IDS) is an application or device that monitors network traffic for unusual or suspicious activity. It analyzes changes and patterns in activity and sends alerts to administrators or security teams for further investigation.
How does an IDS use a Switched Port Analyzer or Test Access Port?
An IDS uses a Switched Port Analyzer (SPAN) port or a Test Access Port (TAP) to receive a copy of network traffic for analysis without sitting inline, so it adds no latency and does not slow network performance.
What distinguishes a Cloud-Based IDS from other types?
A Cloud-Based IDS is optimized for cloud environments and leverages cloud service provider APIs to gain visibility and monitor cloud-based activities.
What is a Host-Based IDS (HIDS) and what does it monitor?
A Host-Based IDS (HIDS) consists of agents running on individual servers, endpoints, and devices. It monitors OS-specific activities such as file system changes and registry modifications, detecting anomalies from within the organization.
What are misfeasors and what kind of threats do they pose?
Misfeasors are insiders who have authorized access to a network. They misuse their permissions for unethical activities such as corporate espionage or aiding outside attackers.
How does McAfee LiveSafe detect threats?
McAfee LiveSafe provides real-time threat awareness, uses emulation techniques for malware detection, and correlates threat activity with application usage.
What is Hybrid Intrusion Detection?
Hybrid Intrusion Detection combines Signature-Based and Anomaly-Based methods to provide comprehensive threat coverage, aiming to detect both known and unknown attacks.