Doug, the security officer, has been told by his manager that people should not be accessing the company’s servers during the weekend. What type of solution should Doug implement?
A.
Anomaly-based IDS
B.
Signature -based IDS
C.
Restricted interfaces
D.
Role-based access control
Explanation:
A signature-based IDS is very straightforward. For example, if a
signature-based IDS detects a packet that has all of its TCP header flags with the
bit value of 1, it knows that an xmas attack is under way-so it sends an alert. A
statistical anomaly-based IDS works differently. For example, if Bob has logged on
to his computer at 6 A.M. and the profile indicates this is abnormal, the IDS sends
an alert, because this is seen as an activity that needs to be investigated.