You are the security administrator at Certkiller Inc. working configuring an IDS. Which IDS guideline should be followed, according to SAFE SMR?
A.
According to SAFE SMR, use UDP resets more often than shunning, because UDP traffic is more difficult to spoof.
B.
According to SAFE SMR, use TCP resets no longer than 15 minutes.
C.
According to SAFE SMR, use UDP resets no longer than 15 minutes.
D.
According to SAFE SMR, use TCP resets more often than shunning, because TCP traffic is more difficult to spoof.
Explanation:
As the name implies, TCP resets operate only on TCP traffic and terminate an active attack by sending TCP reset messages to the attacking and attacked host. Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning.
Reference: Safe white papers; 8
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks