Question about IDS

I had a question in a practice test that confused me a bit. I know Comptia likes to throw weird wording in their tests and it gets me sometimes. here is the question:

Which System would you install to provide protection and notification of security problems in a network connected to the Internet?

A. IDS
B. Network monitoring
C. Router
D. VPN

Now the answer is A. I did put A because I knew the others where definitely wrong. The problem I have is, IDS is not a "protection" system like it states in the question. From what I understand it is a detection system that notifies you of abnormal behavior / intrusions. The IPS is the "protection" system.

Is there a layer of protection on the IDS's that I just don't know about?

Thanks for the info in advance.

Find more posts tagged with

Comments

cyberguypr

Well, IDS could be set as active response, where it will do some session disruption (seee https://www.sans.org/security-resources/idfaq/active.php), but that's outside the scope of the question. Taking it at face value, remember that you need to choose the BEST answer. In some cases it means the one that sucks less. In this case that is IDS.

netsysllc

Poorly worded question on their part. You are correct that it would need to be an IPS to actually provide proactive protection. The IDS only alerts you and gives you reactive information to use.

IS3

From what i understood:

IDS = Protects passively and notify
IPS = Protects actively and notify

They both "protect" because they're considered as security devices.

Just my thought...

TallDude7

those wacky questions you have to use process of elimination. A is best out of the four

T-RAV

IS3 wrote: »

From what i understood:

IDS = Protects passively and notify
IPS = Protects actively and notify

They both "protect" because they're considered as security devices.

Just my thought...

Thanks for the reply. I see where you are coming from. To me being passive is not protecting it is simply monitoring. I guess in terms of security it warns you so you can take actions to protect.

I hate to sound like I'm nit picky. not trying to be. I just wanted to make sure I fully understood the function of an IDS. I've just had a lot of questions that had IPS and IDS as an option to select and I would like to think if IPS was one of the options in the above question, it would have been the correct answer.

fuz1on

The question is really badly worded as host-based intrusion detection (HIDS) is an IDS and supports network monitoring. The keyword is system since network monitoring is just part of HIDS or NIDS - therefore, it must be IDS.

TechGuru80

T-RAV wrote: »

I had a question in a practice test that confused me a bit. I know Comptia likes to throw weird wording in their tests and it gets me sometimes. here is the question:

Which System would you install to provide protection and notification of security problems in a network connected to the Internet?

A. IDS
B. Network monitoring
C. Router
D. VPN

Now the answer is A. I did put A because I knew the others where definitely wrong. The problem I have is, IDS is not a "protection" system like it states in the question. From what I understand it is a detection system that notifies you of abnormal behavior / intrusions. The IPS is the "protection" system.

Is there a layer of protection on the IDS's that I just don't know about?

Thanks for the info in advance.

We refer to an IDS as a detective control to help us protect our network by alerting us if a signature matches malicious traffic...an IPS takes it one step further and stops the traffic without our intervention.

B and C are for routing traffic and seeing the traffic load on the network...not what we are looking for in this question.

D. VPNs are for remote connectivity via the Internet providing a secure channel from the client into the network but it is not something to alert us.

Generally you can use the process of elimination if you really aren't sure...for example in this question we can pretty easily eliminate 2 answers and with a little more focus remove a third answer.