Question about IDS

T-RAV Member Posts: 22
I had a question in a practice test that confused me a bit. I know CompTIA likes to throw weird wording in their tests and it gets me sometimes. Here is the question:

Which System would you install to provide protection and notification of security problems in a network connected to the Internet?

A. IDS
B. Network monitoring
C. Router
D. VPN

Now the answer is A. I did put A because I knew the others were definitely wrong. The problem I have is, IDS is not a "protection" system like it states in the question. From what I understand it is a detection system that notifies you of abnormal behavior / intrusions. The IPS is the "protection" system.

Is there a layer of protection on the IDS's that I just don't know about?

Thanks for the info in advance.

Comments

  • cyberguypr Mod Posts: 6,928
    Well, IDS could be set as active response, where it will do some session disruption (see https://www.sans.org/security-resources/idfaq/active.php), but that's outside the scope of the question. Taking it at face value, remember that you need to choose the BEST answer. In some cases it means the one that sucks less. In this case that is IDS.
  • netsysllc Member Posts: 479
    Poorly worded question on their part. You are correct that it would need to be an IPS to actually provide proactive protection. The IDS only alerts you and gives you reactive information to use.
  • IS3 Member Posts: 71
    From what I understood:

    IDS = Protects passively and notifies
    IPS = Protects actively and notifies

    They both "protect" because they're considered as security devices.

    Just my thought...
  • TallDude7 Member Posts: 61
    Those wacky questions, you have to use process of elimination. A is best out of the four.
  • T-RAV Member Posts: 22
    IS3 wrote: »
    From what I understood:

    IDS = Protects passively and notifies
    IPS = Protects actively and notifies

    They both "protect" because they're considered as security devices.

    Just my thought...


    Thanks for the reply. I see where you are coming from. To me, being passive is not protecting; it is simply monitoring. I guess in terms of security it warns you so you can take actions to protect.

    I hate to sound like I'm nitpicky. Not trying to be. I just wanted to make sure I fully understood the function of an IDS. I've just had a lot of questions that had IPS and IDS as an option to select and I would like to think if IPS was one of the options in the above question, it would have been the correct answer.
  • fuz1on Member Posts: 961
    The question is really badly worded as host-based intrusion detection (HIDS) is an IDS and supports network monitoring. The keyword is system since network monitoring is just part of HIDS or NIDS - therefore, it must be IDS.
  • TechGuru80 Member Posts: 1,539
    T-RAV wrote: »
    I had a question in a practice test that confused me a bit. I know CompTIA likes to throw weird wording in their tests and it gets me sometimes. Here is the question:

    Which System would you install to provide protection and notification of security problems in a network connected to the Internet?

    A. IDS
    B. Network monitoring
    C. Router
    D. VPN

    Now the answer is A. I did put A because I knew the others were definitely wrong. The problem I have is, IDS is not a "protection" system like it states in the question. From what I understand it is a detection system that notifies you of abnormal behavior / intrusions. The IPS is the "protection" system.

    Is there a layer of protection on the IDS's that I just don't know about?

    Thanks for the info in advance.
    We refer to an IDS as a detective control to help us protect our network by alerting us if a signature matches malicious traffic...an IPS takes it one step further and stops the traffic without our intervention.

    B and C are for routing traffic and seeing the traffic load on the network...not what we are looking for in this question.

    D. VPNs are for remote connectivity via the Internet providing a secure channel from the client into the network but it is not something to alert us.

    Generally you can use the process of elimination if you really aren't sure...for example in this question we can pretty easily eliminate 2 answers and with a little more focus remove a third answer.