IPS

1

A known, confirmed attack
Detected when a ﬁle or traffic matches a signature pattern:
1- lPS signatures
2- WAF signatures
3- Antivirus signatures
Example: Exploit of known application vulnerabilities

1

Can be zero-day or denial of service attacks (DoS)
Detected by behavioral analysis:
1-Rate-based IPS signatures
2-DoS policies
3-Protocol constraints inspection
Example: Abnormally high rate of traffic (DoS/ﬂood)

1

Flow-based detection and blocking :

1

IPS Components‘ IPS signature databases ‘ Protocol decoders IPS engine (Select 3)

1

IPS engine (Select 5)

1

Decoders parse protocols.
lPS signatures ﬁnd parts of a protocol that don’t conform.
For example, too many HTTP headers, or a buffer overflow attempt
Unlike proxy-based scans, IPS often does not require IANA standard ports.
Automatically selects decoder for protocol at each OSI layer

1

IPS packages are updated by FortiGuard. (Select 3)

1

Choosing the Signature Database
- ❌ : Common attacks with fast, certain identification (default action is block)

- ❌ : Performance-intensive

Regular

Extended

1

In fact, because of its size, the extended database is only available for FortiGate models with a smaller disk or RAM. But, for high-security networks, you might be required to enable the extended signatures database.

1

Configuring IPS sensors

1

IPS Actions (Select 6)

NSE4 6.0 NSE4 6.0 Quiz am IPS, erstellt von Marcos Avila am 12/09/2018.

A known, confirmed attack Detected when a ﬁle or traffic matches a signature pattern: 1- lPS signatures 2- WAF signatures 3- Antivirus signatures Example: Exploit of known application vulnerabilities

Can be zero-day or denial of service attacks (DoS) Detected by behavioral analysis: 1-Rate-based IPS signatures 2-DoS policies 3-Protocol constraints inspection Example: Abnormally high rate of traffic (DoS/ﬂood)

Flow-based detection and blocking :

IPS Components‘ IPS signature databases ‘ Protocol decoders IPS engine (Select 3)

IPS engine (Select 5)

Decoders parse protocols. lPS signatures ﬁnd parts of a protocol that don’t conform. For example, too many HTTP headers, or a buffer overflow attempt Unlike proxy-based scans, IPS often does not require IANA standard ports. Automatically selects decoder for protocol at each OSI layer

IPS packages are updated by FortiGuard. (Select 3)

Choosing the Signature Database - ❌ : Common attacks with fast, certain identification (default action is block) - ❌ : Performance-intensive

In fact, because of its size, the extended database is only available for FortiGate models with a smaller disk or RAM. But, for high-security networks, you might be required to enable the extended signatures database.

Configuring IPS sensors

IPS Actions (Select 6)

Which of the following are evaluated first in an lPS sensor?

Which IPS component is updated most frequently?

A known, confirmed attack
Detected when a ﬁle or traffic matches a signature pattern:
1- lPS signatures
2- WAF signatures
3- Antivirus signatures
Example: Exploit of known application vulnerabilities

Can be zero-day or denial of service attacks (DoS)
Detected by behavioral analysis:
1-Rate-based IPS signatures
2-DoS policies
3-Protocol constraints inspection
Example: Abnormally high rate of traffic (DoS/ﬂood)

Decoders parse protocols.
lPS signatures ﬁnd parts of a protocol that don’t conform.
For example, too many HTTP headers, or a buffer overflow attempt
Unlike proxy-based scans, IPS often does not require IANA standard ports.
Automatically selects decoder for protocol at each OSI layer

Choosing the Signature Database
- ❌ : Common attacks with fast, certain identification (default action is block)

- ❌ : Performance-intensive