SóProvas

ID: 753139
Examining board: FCC
Agency: MPE-AP
Year: 2012
Subject: Computer Networks (Redes de Computadores)

IPSs

Alternatives
Comments
  • Letter E. Alternatives A, B and D can be excluded because they contain a negation, a restriction. Alternative C is wrong because the Application layer contains the software in execution, not the hardware.
  • Careful! Do not confuse ISP with IPS. The definitions are quite different.

    IPS, as cited in the question, is defined as:

    Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. [1]

    Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. [2][3] More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. [4] An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.

    Classifications

    Intrusion prevention systems can be classified into four different types:[1][6]

    Network-based intrusion prevention system (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.

    Wireless intrusion prevention systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.

    Network behavior analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.

    Host-based intrusion prevention system (HIPS): an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

    ------------------------

    ISP:

    An Internet service provider (ISP) is an organization that provides access to the Internet.

    Internet service providers can be either community-owned and non-profit, or privately owned and for-profit.

    Access ISPs directly connect clients to the Internet using copper wires, wireless or fiber-optic connections.[1] Hosting ISPs lease server space for smaller businesses and other people (colocation). Transit ISPs provide large amounts of bandwidth for connecting hosting ISPs to access ISPs.


    Source: http://en.wikipedia.org/wiki/Intrusion_prevention_system

  • Intrusion Prevention System (IPS)

    An IPS generally sits in-line and watches network traffic as the packets flow through it. It acts similarly to an Intrusion Detection System (IDS) by trying to match data in the packets against a signature database or detect anomalies against what is pre-defined as "normal" traffic. In addition to its IDS functionality, an IPS can do more than log and alert. It can be programmed to react to what it detects. The ability to react to the detections is what makes IPSs more desirable than IDSs.

    There are still some drawbacks to an IPS. IPSs are designed to block certain types of traffic that it can identify as potentially bad traffic. IPSs do not have the ability to understand web application protocol logic. Hence, IPSs cannot fully distinguish if a request is normal or malformed at the application layer (OSI Layer 7). This shortcoming could potentially allow attacks through without detection or prevention, especially newer attacks without signatures.

    Since there is a large number of web applications in existence, both commercial and home grown, there will tend to be a lot of different types of vulnerabilities available for attackers to exploit. IPSs cannot effectively cover all the potential vulnerabilities and in actuality may end up producing more false positives. False positives are very bad because they make already busy security analysts even busier. An overload of false positives can delay response to actual attacks or cause attacks to get accepted as normal because of an analyst trying to reduce the noise.

    Host IPSs (HIPS) are a little more granular than network IPSs (NIPS). HIPS can monitor the application layer (OSI Layer 7), a little closer to the logic delivered to the web application. But HIPS still lacks some understanding of web application languages and logic. In response to these shortcomings, we are presented the Web Application Firewall.

    Source: http://www.sans.org/security-resources/idfaq/ips-web-app-firewall.php
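As an added illustration, not taken from the SANS source or from this page, of the in-line behaviour and the layer-7 limitation described in the comment above: a toy Python filter applies a signature database and a per-source flow threshold (IPS actions: drop, reset, block the source), and a separate WAF-style check parses the HTTP request that the IPS forwarded. Every packet, address, signature string and the `/transfer` endpoint are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

@dataclass
class Packet:
    src_ip: str
    payload: str  # application-layer data, shown as text for the example

@dataclass
class ToyIPS:
    """In-line filter: signature match first, then a crude per-source flow threshold."""
    signatures: dict                 # regex -> action: "alert", "drop", "reset" or "block_ip"
    flow_threshold: int = 5          # packets from one source before it is treated as a flood
    blocked_ips: set = field(default_factory=set)
    seen: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def inspect(self, pkt: Packet) -> str:
        """Verdict for one packet; unlike an IDS, a 'drop' verdict means it is not forwarded."""
        if pkt.src_ip in self.blocked_ips:
            return "drop"
        self.seen[pkt.src_ip] = self.seen.get(pkt.src_ip, 0) + 1
        for pattern, action in self.signatures.items():
            if re.search(pattern, pkt.payload):
                self.log.append((pkt.src_ip, pattern, action))
                if action == "block_ip":
                    self.blocked_ips.add(pkt.src_ip)
                return action
        if self.seen[pkt.src_ip] > self.flow_threshold:  # NBA-style anomaly: unusual flow volume
            self.log.append((pkt.src_ip, "flow-anomaly", "drop"))
            return "drop"
        return "pass"

def app_layer_check(request_line: str) -> str:
    """What a WAF adds: parse the HTTP request and apply application logic the IPS cannot see."""
    target = urlsplit(request_line.split(" ", 2)[1])
    amount = int(parse_qs(target.query).get("amount", ["0"])[0])
    if target.path == "/transfer" and amount < 0:
        return "drop"  # well-formed bytes that match no signature, but an invalid transfer
    return "pass"

def demo():
    ips = ToyIPS(signatures={r"BADSTRING-001": "drop", r"KNOWN-SCANNER-UA": "block_ip"})
    known = ips.inspect(Packet("198.51.100.7", "GET /?q=BADSTRING-001 HTTP/1.1"))
    logic = "GET /transfer?amount=-500 HTTP/1.1"   # no signature fires, so the IPS forwards it
    ips_verdict = ips.inspect(Packet("198.51.100.8", logic))
    waf_verdict = app_layer_check(logic)           # the layer-7 check rejects the same request
    flood = [ips.inspect(Packet("203.0.113.9", "GET / HTTP/1.1")) for _ in range(6)][-1]
    return known, ips_verdict, waf_verdict, flood  # ("drop", "pass", "drop", "drop")
```

The second request is exactly the case the comment describes: syntactically normal traffic with no signature, which only the component that understands the application's logic can reject.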

  • NIPS only at the network level; only HIDS goes to the application level. The question was very unfortunate because it did not specify which type of IPS, so we cannot necessarily state that it will provide analysis at the application level. Answer key: ANNULMENT

  • a) Wrong. There are false positives, but the IPS can detect DoS attacks.

    b) Wrong. It can block.

    c) Wrong. A host-based IPS sits on the machine itself.

    d) Wrong. They also allow detecting the other attacks.

    e) Correct. Because it is the best answer. As a rule, for layer 7 we use a WAF. A NIPS traditionally cannot act well at layer 7. A HIPS may still perform better. However, strictly speaking, that is the role of a WAF.

    This question was answered based on the content of my site: http://www.apcti.com.br/seguranca-da-informacao/intrusion-prevention-system-ips/

    I offer tutoring services for IT civil-service exams; if you are interested, send me a message. To receive content, follow my Instagram: https://www.instagram.com/apcti/