You are the Network Administrator for a large corporate network. You want to monitor all network traffic on your local network for suspicious activities and receive a notification when a possible attack is in process. Which of the following actions will you take for this?
A. Install a network-based IDS
B. Install a host-based IDS
C. Install a DMZ firewall
D. Enable verbose logging on the firewall
Explanation:
A network-based IDS monitors all traffic on your entire network. This would give you coverage for all network traffic.
A network-based intrusion detection system (NIDS) analyzes data packets flowing through a network. It can detect malicious packets that are designed to be overlooked by a firewall’s simplistic filtering rules. It is responsible for detecting anomalous or inappropriate data that may be considered ‘unauthorized’ on a network. An NIDS captures and inspects all data traffic, regardless of whether it is permitted for checking or not.
Answer option B is incorrect. A host-based IDS simply monitors attempted attacks on an individual host.
Answer option D is incorrect. Verbose logging on the firewall will only give you clues regarding attacks on the firewall.
Answer option C is incorrect. A DMZ firewall, while a good suggestion and usually more secure, would not give you any monitoring of the traffic on the LAN.