Page 1271 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

logging and sending notifications or actively by changing the environment. Some people refer to an active IDS as an IPS. However, it is important to recognize that an IPS is placed in line with the traffic, so it can block malicious traffic before it reaches the target, whereas an IDS inspects a copy of the traffic and can only react after the traffic has already been delivered.
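The distinction above (an IDS that reacts after detection versus an IPS that sits in the traffic path) is easiest to see by running the same simple rule both ways over the same log. The following Python is an added example, not code from the study guide: the log format, the addresses and the port-scan threshold of five distinct destination ports are all constructed assumptions.

```python
"""Passive IDS versus inline IPS, replayed over one connection log.

Added example for illustration; not from the study guide. The log
format, addresses and SCAN_THRESHOLD are assumptions made here.
"""
from collections import defaultdict

# Constructed log lines: "<time> <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
1 10.0.0.5 -> 192.168.1.10:22
2 10.0.0.5 -> 192.168.1.10:23
3 10.0.0.5 -> 192.168.1.10:25
4 10.0.0.5 -> 192.168.1.10:80
5 10.0.0.5 -> 192.168.1.10:443
6 10.0.0.5 -> 192.168.1.10:3389
7 10.0.0.9 -> 192.168.1.10:443
8 10.0.0.5 -> 192.168.1.10:8080
""".splitlines()

# Assumed rule: one source touching this many distinct ports is a scan.
SCAN_THRESHOLD = 5


def parse(line):
    """Split one constructed log line into (time, src, dst_ip, dst_port)."""
    ts, src, _, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), src, dst_ip, int(dst_port)


def run_sensor(lines, inline):
    """Replay the log through the detector and report what happened.

    inline=False models a passive IDS: it sees a copy of every flow,
    every flow is delivered to the target, and the sensor can only
    raise an alert.
    inline=True models an IPS in the traffic path: once a source trips
    the rule, its later flows are dropped before reaching the target.

    Returns (alerts, delivered, flagged_sources).
    """
    ports_seen = defaultdict(set)
    flagged = set()
    alerts = []
    delivered = []
    for line in lines:
        ts, src, dst_ip, dst_port = parse(line)
        if inline and src in flagged:
            continue  # dropped in line; the target never sees it
        delivered.append((ts, src, dst_port))
        ports_seen[src].add(dst_port)
        if src not in flagged and len(ports_seen[src]) >= SCAN_THRESHOLD:
            alerts.append(f"t={ts} port scan from {src} "
                          f"({len(ports_seen[src])} ports)")
            flagged.add(src)  # alert only (IDS) or alert and block (IPS)
    return alerts, delivered, flagged


def delivered_count(lines, inline):
    """Number of flows that actually reached the target in each mode."""
    return len(run_sensor(lines, inline)[1])


if __name__ == "__main__":
    for mode in (False, True):
        alerts, delivered, _ = run_sensor(SAMPLE_LOG, inline=mode)
        print("inline" if mode else "passive", alerts, len(delivered), "delivered")
```

Both modes raise the same single alert at t=5, but the passive sensor delivers all eight flows while the inline sensor delivers six: the scanner's probes at t=6 and t=8 are dropped. Note the caveat this makes visible: a threshold rule cannot fire until the threshold is reached, so even the inline sensor lets the first five probes through. Blocking "before it reaches the target" only holds for traffic the IPS can recognize on sight, such as a signature match on the first packet.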

Understand the differences between HIDSs and NIDSs. Host-based IDSs (HIDSs) can monitor activity on a single system only. A drawback is that, because a HIDS runs on the system it protects, an attacker who compromises that system can discover and disable it. A network-based IDS (NIDS) can monitor activity on a network segment, and because it inspects traffic from a separate sensor, a NIDS is not as visible to attackers.

Understand honeypots, padded cells, and pseudo flaws. A honeypot is a system that often has pseudo flaws and fake data to lure intruders. Administrators can observe the activity of attackers while they are in the honeypot, and as long as attackers are in the honeypot, they are not in the live network. Some IDSs have the ability to transfer attackers into a padded cell after detection. Although a honeypot and a padded cell are similar, note the difference in how the attacker arrives: a honeypot lures the attacker, whereas the attacker is transferred into the padded cell by the IDS.

Understand methods to block malicious code. Malicious code is thwarted with a combination of tools. The obvious tool is anti-malware software with up-to-date definitions, installed on each system, at the boundary of the network, and on email servers. However, policies that enforce basic security principles, such as the principle of least privilege, also matter: they prevent regular users from installing potentially malicious software in the first place. Additionally, educating users about the risks and the methods attackers commonly use to spread viruses helps users recognize and avoid dangerous behaviors.

Understand penetration testing. Penetration tests start by discovering vulnerabilities and then mimic an attack to identify which vulnerabilities can actually be exploited. It is important to remember that penetration tests should not be done without the express consent and knowledge of management. Additionally, since penetration tests can result in damage, they should be done on isolated systems whenever possible. You should also recognize the differences between black-box testing (zero knowledge), white-box testing (full