Which IDS guideline should be followed according to SAFE SMR?

Which IDS guideline should be followed according to SAFE SMR?

Which IDS guideline should be followed according to SAFE SMR?

A.
Use UDP resets more often than shunning, because UDP traffic is more difficult to spoof.

B.
Use TCP resets more often than shunning, because TCP traffic is more difficult to spoof.

C.
Use TCP resets no longer than 15 minutes.

D.
Use UDP resets no longer than 15 minutes.

Explanation:
As the name implies, TCP resets operate only on TCP traffic and terminate an active attack by sending TCP reset messages to the attacking and attacked host. Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning.
REF;Safe white papers; 8
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks



Leave a Reply 0

Your email address will not be published. Required fields are marked *