Network Authentication Chapter 5

  1. Intrusion Detection System (IDS)
    An IDS monitors traffic offline and generates an alert (log) when it detects malicious traffic.
  2. What types of malicious traffic does IDS detect?
    • Reconnaissance attacks
    • Access attacks
    • Denial of Service attacks
  3. Signature attributes (3)
    • Signature Type
    • Trigger (Alarm)
    • Action
  4. Signature Micro-Engines (5)
    • Atomic
    • Service
    • String
    • Multi-string
    • Other
  5. Four types of signature triggers
    • Pattern-based detection
    • Policy-based detection
    • Anomaly-based detection
    • Honey pot-based detection
  6. Tuning Alarms
    • True Positive
    • True Negative
    • False Positive
    • False Negative
  7. Tuning IPS Signature Alarms (4)
    • Low
    • Medium
    • High
    • Informational
  8. Cisco device management software (3)
    • Cisco Router and Security Device Manager (SDM)
    • Cisco IPS Manager Express (IME)
    • Cisco Security Manager (CSM)
  9. Actions performed when a signature is detected. (6)
    • Generate an alert
    • Log the activity
    • Drop or prevent the activity
    • Reset a TCP connection
    • Block future activity
    • Allow the activity
  10. Two types of alerts
    • Atomic
    • Summary
  11. Atomic Alerts
    Generated every time a signature triggers.
  12. Summary Alerts
    A single alert that indicates multiple occurrences of the same signature from the same source address or port.
  13. To implement IOS IPS:
    • Step 1. Download the IOS IPS files.
    • Step 2. Create an IOS IPS configuration directory in flash.
    • Step 3. Configure an IOS IPS crypto key.
    • Step 4. Enable IOS IPS.
    • Step 5. Load the IOS IPS signature package to the router.
Author: jal128
ID: 299594