Computer Quiz Short Questions Answers
Application Layer:
For application layer security, use an IDS and secure protocols instead of their plain
counterparts, such as HTTPS instead of HTTP and FTPS instead of FTP. Use the ModSecurity WAF
to protect the online purchase system; it will prevent SQL injection attacks and cross-site
scripting attacks, and mitigate other application layer vulnerabilities. An IDS will also
help to mitigate application layer security threats. An Intrusion Detection System (IDS) can
be deployed as host-based or network-based, so deploying both NIDS and HIDS is recommended
to strengthen security in layers. Manage file permissions.
Transport Layer:
BCP38 (Best Current Practices) is recommended for mitigation of Transport Layer attacks.
Solution: only let packets exit your network that have legitimate source addresses.
Network Layer:
For network security, IDS, firewalls and ACL configuration will help to prevent DDoS
attacks and other security threats. Tunneling, IPsec.
Physical/Data Link Layer:
Encrypted protocol medium – SSL, SSH, VPN. Use cryptographically random ISNs. Firewalling,
ACLs. This still does not prevent Denial-of-Service attacks.
For mitigation of ARP spoofing, it is recommended to configure a static ARP table, along
with Dynamic ARP Inspection (DAI).
DHCP allocates IP addresses automatically to clients on their ARP request and provides each
IP address for a specific lease time. Any client that requests an IP address will be assigned
one without any authentication mechanism. Only the MAC address identifies the client, and
MAC addresses are easy to change, so unauthorized users can send requests to the DHCP server
and lease an IP address from it without any authentication. To mitigate unauthorized IP
address leases from DHCP, the layer 2 authentication mechanism 802.1x can be used; it helps
to prevent unauthorized client IP leases efficiently.
Signature Based IDS
IDS – signature
A signature-based IDS looks for specific predefined malicious binary
instruction sequences (attack patterns), known as signatures. A signature can
be a byte sequence in network traffic or a set of events. Signature-based
intrusion detection systems (IDS) need to be updated frequently. If an attack's
signature is present in the IDS database, the attack can be detected and
mitigated. If the signatures are not updated and the attack's signature is not
available in the IDS attack signature database, the attack cannot be detected
or blocked. Only already known attack patterns can be detected and mitigated
with signature-based intrusion detection systems; new attack patterns are not
blocked.
•Look for a known binary sequence, or events
•Issues:
•Signatures need to be updated
•Only known issues can be detected
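The following is an added example, not part of the original notes: a minimal signature matcher showing that a request is detected only once its byte sequence is in the signature database. The class names, rule ids, signatures and request lines are all constructed for illustration.

```python
# Added example: minimal signature-based detector (constructed data, hypothetical names).
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int          # constructed rule id
    name: str
    pattern: bytes    # byte sequence to look for in the payload

class SignatureIDS:
    def __init__(self, signatures):
        self.signatures = list(signatures)   # copy, so updates stay local

    def update(self, signature):
        """Add a new signature, as a rule update would."""
        self.signatures.append(signature)

    def inspect(self, payload: bytes):
        """Return the ids of all signatures whose byte sequence occurs in payload."""
        # Case-fold so upper/lower-case changes alone do not evade the match.
        haystack = payload.lower()
        return [s.sid for s in self.signatures if s.pattern.lower() in haystack]

# Constructed signature database: two known web attack patterns.
KNOWN = [
    Signature(1001, "SQL injection tautology", b"' or '1'='1"),
    Signature(1002, "Reflected XSS script tag", b"<script>"),
]

# Constructed HTTP request lines standing in for captured traffic.
TRAFFIC = {
    "benign": b"GET /shop/item?id=42 HTTP/1.1",
    "known_sqli": b"GET /shop/item?id=1' OR '1'='1 HTTP/1.1",
    "known_xss": b"GET /search?q=<SCRIPT>alert(1)</SCRIPT> HTTP/1.1",
    "unknown": b"GET /shop/item?id=1 UNION SELECT card_no FROM orders HTTP/1.1",
}

def run(ids):
    """Map each sample name to the list of signature ids that fired."""
    return {name: ids.inspect(data) for name, data in TRAFFIC.items()}

if __name__ == "__main__":
    ids = SignatureIDS(KNOWN)
    print("before update:", run(ids))   # the UNION request passes undetected
    ids.update(Signature(1003, "SQL injection UNION SELECT", b"union select"))
    print("after update: ", run(ids))   # the same request now matches 1003
```
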