191. c. Network-based intrusion detection systems (IDS) perform packet filtering and analyze network traffic to identify suspicious activity and record relevant information such as type of attack (e.g., buffer overflow), the targeted vulnerability, the apparent success or failure of the attack, and the pointers to more information on the attack. Some IDSs also have intrusion prevention capabilities, not correction capabilities.
192. For network data analysis, remote access servers (RAS) do not do which of the following?
a. Connect external systems to internal systems
b. Connect internal systems to external systems
c. Record application-specific data
d. Provide packet-filtering functions
192. c. Because the remote access servers (RASs) have no understanding of the application’s functions, they usually do not record any application-specific data.
The other three choices are proper functions of RAS. The RASs are devices such as VPN gateways and modem servers that facilitate connections between networks. This often involves external systems connecting to internal systems through the RAS but could also include internal systems connecting to external or internal systems. Some RASs also provide packet-filtering functions; this typically involves logging similar to that for firewalls and routers.
193. Secure gateways block or filter access between two networks. Which of the following benefits resulting from the use of secure gateways is not true?
a. Secure gateways prevent the spread of computer viruses.
b. Secure gateways reduce risks from malicious hackers.
c. Secure gateways reduce internal system security overhead.
d. Secure gateways can centralize management services.
193. a. Questions frequently arise as to whether secure gateways (also known as firewalls) prevent the spread of viruses. In general, having a gateway scan transmitted files for viruses requires more system overhead than is practical, especially because the scanning would have to handle many different file formats. Secure gateways enable internal users to connect to external networks and at the same time prevent malicious hackers from compromising the internal systems. In addition to reducing the risks from malicious hackers, secure gateways have several other benefits. They can reduce internal system security overhead, because they enable an organization to concentrate security efforts on a limited number of machines. Another benefit is the centralization of services. A secure gateway can be used to provide a central management point for various services, such as advanced authentication, e-mail, or public dissemination of information. Having a central management point can reduce system overhead and improve service.
194. For network data analysis, managed switches collect which of the following statistical data?
a. Bandwidth usage
b. Payload size
c. Source and destination IP addresses
d. Ports for each packet
194. a. Some managed switches and other network devices offer basic network monitoring capabilities, such as collecting statistics on bandwidth usage.
The other three choices are functions of network monitoring software, which collects information such as the payload size and the source and destination IP addresses and ports for each packet. Network monitoring software is designed to observe network traffic and gather statistics on it. Packet sniffers, protocol analyzers, and intrusion detection system (IDS) software may also perform basic network monitoring functions.
195. Which of the following is not an example of alternative access points to an organization’s IT resources?
a. Internet gateway
b. Workstations
c. Modems
d. Wireless access points
