A web company is looking to implement an intrusion detection and prevention system into
their deployed VPC. This platform should have the ability to scale to thousands of instances
running inside of the VPC.
How should they architect their solution to achieve these goals?
A.
Configure an instance with monitoring software and the elastic network interface (ENI) set to
promiscuous mode packet sniffing to see an traffic across the VPC.
B.
Create a second VPC and route all traffic from the primary application VPC through the second
VPC where the scalable virtualized IDS/IPS platform resides.
C.
Configure servers running in the VPC using the host-based ‘route’ commands to send all traffic
through the platform to a scalable virtualized IDS/IPS.
D.
Configure each host with an agent that collects all network traffic and sends that traffic to the
IDS/IPS platform for inspection.
Explanation:
A – promiscuous mode is not allowed
C – there is no ‘route’ command
D – The company need IPS so agent will not work
why did not select C?
Ans. D
An Agent is deployed on every instance to capture & replicate traffic for centralized analysis.Actual workload of network traffic analysis is not performed on the instance but on a separate server.Traffic capture and replication is still CPU-intensive (particularly on Windows machines.)
It significantly increases the internal network traffic in the environment as every inbound packet is duplicated in the transfer from the instance that captures the traffic to the instance that analyzes the traffic.
http://jayendrapatil.com/tag/idsips/
D
A is not possible, B doesnt meet the requirement of deploying in the same VPC, C while technically possible doesnt make sense from an application perspective leaving D as the best answer here.
A – promiscuous mode is not allowed
B – doesn’t make sense because you can not route to the internet over VPC peered connections. You can only route into the peered VPC but not further.
C – makes sense but there is no route command to route the traffic
D – seems to be correct because:
http://jayendrapatil.com/aws-intrusion-detection-prevention-idsips/
D.