[Cisspstudy] Another question on IDS
Albert R. Campa
abcampa at gmail.com
Fri Jan 8 08:59:22 EST 2010
IDS doesn't prevent, but just detects. If the question had IPS then it would
be different, but still I think the answer would be A. The reason is that the point
of the question is to know the extra step the IDS took, and that is to modify
a gateway rule. The gateway is what actually prevented (arguable). The IDS
diverted the suspicious traffic in the case it was an attack, so I could see
how corrective could be the BEST answer as opposed to prevent. The IDS did
more than just prevent.
I don't really like the word "corrective" or the question, but I see how it
could not be D.
__________________________________
Albert R. Campa
On Fri, Jan 8, 2010 at 7:36 AM, Saurabh Bhargava <catchbhargava at yahoo.com> wrote:
> The IDS modifies a gateway rule to divert "suspected" traffic to a
> honeypot. What type of intrusion control does this represent?
>
> A. Corrective control
> B. Recovery control
> C. Detective control
> D. Preventive control
>
> I think it is D but author says A.
>
> My choice of D was for the reason that traffic is still "suspected"; it may or
> may not be an attack. I would have surely gone for option A, had the
> question been "an attack was discovered and IDS modified the gateway rule".
>
> Definitions from AIO say:
>
> • Preventive: Intended to avoid an incident from occurring
> • Corrective: Fixes components or systems after an incident has occurred
>
> Have I lost the plot on IDS?
>
> Any help will be highly appreciated.
>
> cheers, SB