[Cisspstudy] Another question on IDS

gerritsjs gerritsjs at gmail.com
Fri Jan 8 09:36:20 EST 2010


Even though an IDS detects "suspected" traffic, the question stated that
the IDS "modifies/corrects" the gateway rule, thus the answer is A.

Answer D would be perfect if the question was stated differently.

 

 

  _____  

From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
On Behalf Of Albert R. Campa
Sent: Friday, January 08, 2010 5:59 AM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Another question on IDS

 

IDS doesn't prevent, but just detects. If the question had IPS then it would
be different, but still I think the answer would be A. Reason is the point
of the question is to know the extra step the IDS took and that is to modify
the gateway rule. The gateway is what actually prevented (arguable). The IDS
diverted the suspicious traffic in the case it was an attack, so I could see
how corrective could be the BEST answer as opposed to prevent. The IDS did
more than just prevent.

 

I don't really like the word "corrective" or the question, but I see how it
could not be D.



__________________________________
Albert R. Campa



On Fri, Jan 8, 2010 at 7:36 AM, Saurabh Bhargava <catchbhargava at yahoo.com>
wrote:

The IDS modifies a gateway rule to divert "suspected" traffic to a honeypot.
What type of intrusion control does this represent? 

 

A. Corrective control 

B. Recovery control

C. Detective control

D. Preventive control 

 

I think it is D but author says A. 

 

My choice of D was for the reason that traffic is still "suspected"; it may or
may not be an attack. I would have surely gone for option A, had the
question been "an attack was discovered and IDS modified the gateway rule".

 

Definitions from AIO say:

 

- Preventive: Intended to avoid an incident from occurring

- Corrective: Fixes components or systems after an incident has occurred

 

Have I lost the plot on IDS? 

 

Any help will be highly appreciated. 

 

cheers, SB 

 

