Signature Identification?

RoyalTech Member Posts: 94
I'll be taking the N+ in a couple days and am going over some practice exams and came over this question.

Which of the following is used to verify configuration updates on a firewall? The answer is signature identification. Can someone please explain what signature identification is and how it applies here? I'm having difficulty finding the answer. Thanks in advance.

Comments

  • Rakurai Member Posts: 84
    My guess would be with how the firewall (I would more think IPS) would detect attacks, by a signature of what the packets would look like.
    Not sure what the rules are on linking other sites, but you can google signature identification firewall and there are some write-ups on it.
  • RoyalTech Member Posts: 94
    Thanks for your help. I think you are on the right path but I'm looking for something a little more definitive.
  • Rakurai Member Posts: 84
    Signature-Based Detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action. Signatures can be exploit-based or vulnerability-based. Exploit-based signatures analyze patterns appearing in exploits being protected against, while vulnerability-based signatures analyze vulnerabilities in a program, its execution, and conditions needed to exploit said vulnerability.

    From Wikipedia on Intrusion Prevention Systems. Gave the N+ book to someone that I work with, or else I would look it up. And I was at work with a very limited firewall/proxy to what sites I can get to.
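
The distinction quoted above between exploit-based and vulnerability-based signatures, as an added example that is not part of the original post. The `USER` request format, the 64-byte limit, the signature ids and the sample payloads are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable

MAX_USER_LEN = 64  # constructed: buffer size of a hypothetical vulnerable service


@dataclass(frozen=True)
class Signature:
    sid: int
    kind: str  # "exploit" or "vulnerability"
    description: str
    matches: Callable[[bytes], bool]


def _user_field_too_long(payload: bytes) -> bool:
    # Vulnerability-based: test the condition needed to trigger the flaw,
    # whatever bytes a particular exploit happens to use.
    m = re.match(rb"USER ([^\r\n]*)", payload)
    return bool(m) and len(m.group(1)) > MAX_USER_LEN


SIGNATURES = [
    # Exploit-based: a byte pattern taken from one known exploit sample.
    Signature(1001, "exploit", "padding string seen in a known sample",
              lambda p: b"KNOWN-SAMPLE-PADDING" in p),
    Signature(1002, "vulnerability", "USER argument exceeds service buffer",
              _user_field_too_long),
]


def inspect(payload: bytes) -> list[int]:
    """Return the ids of every signature the payload matches."""
    return [s.sid for s in SIGNATURES if s.matches(payload)]


def action(payload: bytes) -> str:
    """The IPS decision: drop on any match, otherwise forward."""
    return "drop" if inspect(payload) else "forward"


# Constructed sample payloads.
BENIGN = b"USER alice\r\n"
KNOWN_EXPLOIT = b"USER " + b"KNOWN-SAMPLE-PADDING" * 5 + b"\r\n"
VARIANT = b"USER " + b"x" * 100 + b"\r\n"  # same flaw, different bytes

if __name__ == "__main__":
    for name, p in [("benign", BENIGN), ("known", KNOWN_EXPLOIT), ("variant", VARIANT)]:
        print(name, inspect(p), action(p))
```

The variant payload misses the exploit-based signature but still matches the vulnerability-based one, which is the practical difference between the two kinds.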
  • charlesc09 Member Posts: 89
    It sounds more like Security+ exam material. I am actually reading on this too from Darril's book. I've taken the N10-004 exam, so perhaps they update a bit on the N10-005?
  • Darril Member Posts: 1,588
    RoyalTech wrote: »
    I'll be taking the N+ in a couple days and am going over some practice exams and came over this question.

    Which of the following is used to verify configuration updates on a firewall? The answer is signature identification. Can someone please explain what signature identification is and how it applies here? I'm having difficulty finding the answer. Thanks in advance.

    One thing to be wary of is that some practice test questions that do not include explanations have incorrect answers. In other words, it may not be a correct answer.

    One possibility is that this is referring to a hash used as a signature to verify that the updates have not been modified. In other words, a vendor can release a file that can be used to update the configuration of a firewall. They can also create a hash of the file which can be used to verify the downloaded file has not been modified. I can envision how someone can refer to this hash as a signature for the configuration file, and call it "signature identification", but this isn't common terminology in my experience.
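
The hash check described in the post above, as an added example that is not part of the original post. It assumes SHA-256 and a `sha256sum`-style manifest line; the file name, file contents and manifest are constructed.

```python
import hashlib
import hmac

HEX = set("0123456789abcdefABCDEF")


def parse_manifest(text: str) -> dict[str, str]:
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")  # sha256sum marks binary mode with '*'
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name] = digest.lower()
    return entries


def verify_update(name: str, data: bytes, manifest: dict[str, str]) -> bool:
    """True only if the file's hash equals the published hash for that name."""
    expected = manifest.get(name)
    if expected is None:
        return False  # no published hash: treat the file as unverified
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed data: the file as the vendor released it, and the manifest
# the vendor would publish alongside it (computed here to stay offline).
VENDOR_FILE = b"set rule 10 deny tcp any any eq 23\n"
PUBLISHED = f"{hashlib.sha256(VENDOR_FILE).hexdigest()}  fw-config-update.cfg\n"
MANIFEST = parse_manifest(PUBLISHED)

# The same file after modification in transit (constructed).
TAMPERED = VENDOR_FILE.replace(b"deny", b"permit")

if __name__ == "__main__":
    print(verify_update("fw-config-update.cfg", VENDOR_FILE, MANIFEST))
    print(verify_update("fw-config-update.cfg", TAMPERED, MANIFEST))
```

A bare hash only shows that the file matches the published value, so the manifest has to be obtained over a channel that someone modifying the download cannot also modify.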
  • RoyalTech Member Posts: 94
    charlesc09 wrote: »
    It sounds more like a security+ exam material. I am actually reading on this too from Darril's book. I've taken the N10-004 exam, so perhaps they update a bit on the N10-005?

    The practice exam I am using is for the N10-004.
  • RoyalTech Member Posts: 94
    It sounds like no one has a definitive answer on this and that, in itself, helps me. It tells me that I shouldn't really get too concerned about it.

    Darril, I run across a decent number of incorrect answers in every practice exam I have used in the past but the one I am currently using has a good reputation based on both my own experience with the A+, and friends' experiences with the N+ that I am about to take. I take your response to mean that there are practice exams out there that give explanations for each answer. Can you fill me in on where these practice exams are?

    Rakurai, I'd be interested to know if the text book you were using mentions signature identification specifically. I know the two text books I am using do not mention it.

    Overall, I'm going to take what all of you said and just let it rest. There are obviously more important things to focus on.

    Thanks to everyone.
  • swild Member Posts: 828
    I'm gonna have to agree with Darril here.

    It sounds like whoever wrote the question didn't fully understand either concept, which would be why you can't find a decent answer. Darril's explanation is right on, but I think that's pretty far out of scope for a Net+ exam.

    I see questions like this on nearly every practice test. It just seems like someone started googling keywords and slapping together some terms and calling it a practice test.
  • Rakurai Member Posts: 84
    swild wrote: »
    I'm gonna have to agree with Darril here.

    It sounds like whoever wrote the question didn't fully understand either concept, which would be why you can't find a decent answer. Darril's explanation is right on, but I think that's pretty far out of scope for a Net+ exam.

    I see questions like this on nearly every practice test. It just seems like someone started googling keywords and slapping together some terms and calling it a practice test.

    I agree too. I would think that both how a firewall detects based on signature or if it refers to MD5 hashing to verify the integrity of the file with where you downloaded it from, that they should be more in the Security+ cert instead. I did a 5 day bootcamp for N+ and took the test not 2 weeks ago (bootcamp didn't teach me much) but I think that the topic wasn't really discussed. I would be the safe one and just have a rough overview of each for that "just in case" question that may cover it (and I think that what has been said in this thread covers a rough idea of the two).
  • RoyalTech Member Posts: 94
    Then it's unanimous. The question goes into the circular file. lol