Exam SY0-701
Question 84

An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

    Correct Answer:

Discussion
AutoroTink Option: D

An IPS is designed to continuously monitor network traffic and take immediate action to block potential threats based on known signatures. It’s an active security measure that not only detects but also prevents the exploitation of known vulnerabilities.

A. ACL (Access Control List): ACLs are used to control the flow of traffic based on rules, but they are not dynamic enough to monitor or block signature-based attacks effectively.

B. DLP (Data Loss Prevention): DLP systems are focused on preventing data breaches by detecting and blocking potential data leaks/exfiltration, not on monitoring or blocking attacks per se.

C. IDS (Intrusion Detection System): While an IDS can detect known signature-based attacks, it does not block them; it only alerts the system administrators of the potential threat.

D. IPS (Intrusion Prevention System): As mentioned, an IPS actively monitors and blocks attacks, making it the most suitable option for the scenario described.

SHADTECH123 Option: D

An Intrusion Prevention System (IPS) is designed to monitor network traffic for suspicious activity, and it can take proactive steps to block or prevent those activities in real-time. IPS uses signature-based detection to identify known vulnerabilities and exploits, making it particularly effective against attacks that exploit well-documented and widely known browser vulnerabilities.

barracouto Option: D

ACL (Access Control List): Used to control network traffic and define which users or system processes have permissions to access resources or perform operations on a network.

DLP (Data Loss Prevention): Designed to prevent sensitive data from being lost, misused, or accessed by unauthorized users, and to monitor data transfers to ensure compliance with data protection policies.

IDS (Intrusion Detection System): Monitors network or system activities for malicious activities or policy violations. An IDS alerts administrators of potential threats but does not take action to block them.

IPS (Intrusion Prevention System): Monitors and controls network and system activities to protect against malicious activities by detecting and preventing attacks in real-time. An IPS can block traffic that matches known attack signatures.

Correct Answer: D. IPS

The IPS is the appropriate solution as it can monitor and block known signature-based attacks.

Etc_Shadow28000 Option: D

D. IPS (Intrusion Prevention System)

An Intrusion Prevention System (IPS) is designed to monitor network and/or system activities for malicious activities or policy violations and can take actions to block or prevent those activities. Since the enterprise is dealing with known signature-based attacks, an IPS is the best solution because it can actively block these attacks by using signatures to identify and mitigate them in real-time.

Therefore, the correct answer is: D. IPS

Shaman73 Option: D

D: IPS

shady23 Option: D

D. IPS

Mehsotopes Option: C

An IPS system being configured can have a chance of blocking code that certain systems with newer web browsers may need, or not be vulnerable to at all. An IDS would allow you to be notified of these recognized signatures, & determine if it's appropriate to allow, or not. Another safe option would be to know what systems are using older browser versions, & update them, if not, then segment them specifically, & use an IPS appliance if anti-virus automation is what is necessary.

e5c1bb5 Option: D

Was confused by "correct answer". IPS for sure.

Kevans242 Option: D

Definitely D

e56400d Option: D

Can someone explain to me why the answer is IDS? IDS only alerts, it does not block anything. IPS alerts and blocks suspicious activity. Therefore, the answer should be IPS.
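
Added example (not part of any post above, and not code from a real IDS/IPS product): a minimal sensor that runs one signature set over the same traffic passively (IDS) and inline (IPS), to show where alerting ends and blocking begins. The signature patterns, the per-signature `action` field used for alert-only tuning, and the sample responses are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int
    msg: str
    pattern: bytes  # constructed placeholder, not a real exploit signature
    action: str     # "drop" or "alert" (alert-only while a rule is being tuned)

# Constructed rule set: sid 1 is trusted enough to block, sid 2 is still alert-only.
SIGNATURES = [
    Signature(1, "known browser exploit (placeholder A)", b"PLACEHOLDER-EXPLOIT-A", "drop"),
    Signature(2, "suspicious script (placeholder B)", b"PLACEHOLDER-PATTERN-B", "alert"),
]

def inspect(packets, mode):
    """Return (delivered, alerts) for a list of payloads.

    mode="ids": the sensor sees a copy of the traffic, so every packet is
                delivered and a match can only raise an alert.
    mode="ips": the sensor is inline, so a match on a "drop" signature
                raises an alert and the packet is not forwarded.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    delivered, alerts = [], []
    for payload in packets:
        hit = next((s for s in SIGNATURES if s.pattern in payload), None)
        if hit is not None:
            alerts.append(hit.sid)
            if mode == "ips" and hit.action == "drop":
                continue  # blocked before it reaches the browser
        delivered.append(payload)
    return delivered, alerts

# Constructed HTTP responses heading to client browsers.
SAMPLE = [
    b"HTTP/1.1 200 OK\r\n\r\n<html>intranet home</html>",
    b"HTTP/1.1 200 OK\r\n\r\n<script>PLACEHOLDER-EXPLOIT-A</script>",
    b"HTTP/1.1 200 OK\r\n\r\n<script>PLACEHOLDER-PATTERN-B</script>",
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        delivered, alerts = inspect(SAMPLE, mode)
        print(mode, "alerts:", alerts, "delivered:", len(delivered), "of", len(SAMPLE))
```

In IDS mode all three responses reach the client and two alerts fire; in IPS mode the same two alerts fire but only the response matching the `drop` signature is withheld.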