Which of the following tools monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack
tools?
Wireless intrusion prevention system (WIPS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use
of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator
whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.
Rogue devices can spoof MAC address of an authorized network device as their own. WIPS uses fingerprinting approach to weed out devices
with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against
the known signatures of pre-authorized, known wireless devices.
Answer B is incorrect. An Intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer
systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the
security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins and access to sensitive
data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has
three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and
to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS
implementations, these three components are combined into a single device. Basically, following two types of IDS are used :
Network-based IDS
Host-based IDS
Answer A is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It
logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including
Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).
The three main modes in which Snort can be configured are as follows:
Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console.
Packet logger mode: It logs the packets to the disk.
Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for
matches against a user-defined rule set.
Answer C is incorrect. A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against
unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic
between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports.
Currently there are no comments in this discussion, be the first to comment!