Network Authentication Chapter 5
Intrusion Detection System (IDS)
An IDS monitors traffic offline and generates an alert (log) when it detects malicious traffic.
What types of malicious traffic does IDS detect?
–Reconnaissance attacks
–Access attacks
–Denial of Service attacks
Signature attributes (3)
Signature Type
Trigger (Alarm)
Action
Signature Micro - Engines (5)
Atomic
Service
String
Multi-string
Other
Four types of signature triggers
–Pattern-based detection
–Policy-based detection
–Anomaly-based detection
–Honey pot-based detection
Tuning Alarms
True Positive
True Negative
False Positive
False Negative
Tuning IPS Signature Alarms (4)
Low
Medium
High
Informational
Cisco device management software (3)
–Cisco Router and Security Device Manager (SDM)
–Cisco IPS Manager Express (IME)
–Cisco Security Manager (CSM)
Actions performed when a signature is detected. (6)
Generate an alert
Log the activity
Drop or prevent the activity
Reset a TCP connection
Block future activity
Allow the activity
Two types of alerts
Atomic
Summary
Atomic Alerts
Generated every time a signature triggers.
Summary Alerts
A single alert that indicates multiple occurrences of the same signature from the same source address or port.
To implement IOS IPS:
Step 1. Download the IOS IPS files.
Step 2. Create an IOS IPS configuration directory in flash.
Step 3. Configure an IOS IPS crypto key.
Step 4. Enable IOS IPS.
Step 5. Load the IOS IPS signature package to the router.
Author
jal128
ID
299594
Card Set
Network Authentication Chapter 5
Description
Network Authentication Chapter 5
Updated
2015-03-31T17:09:37Z