These questions are derived from the Self Test Software Practice Test for (ISC)2’s CISSP exam.
Objective: Physical Security
SubObjective: Intrusion Detection System
Single Answer, Multiple Choice
Which statement is NOT a characteristic of a network-based intrusion detection system (NIDS)?
- A. An NIDS monitors real-time traffic.
- B. An NIDS analyzes encrypted information.
- C. An NIDS analyzes network packets for intrusion.
- D. An NIDS does not monitor individual workstations in a network.
Answer: B. An NIDS analyzes encrypted information.
The primary disadvantage of an NIDS is that it cannot inspect encrypted payloads. For example, packets that traverse a Virtual Private Network (VPN) tunnel or a TLS session are opaque to the NIDS: it sees only the outer headers, not the content being carried, so payload signatures never match. To inspect such traffic, the sensor must be placed where the traffic is in cleartext, for example behind the VPN concentrator or a TLS-terminating proxy.
An NIDS can monitor an entire network or selected segments of it, and it remains passive while acquiring network data. For example, a sensor can be placed on the internal network or in a de-militarized zone (DMZ). In a DMZ an organization hosts its public-facing servers, such as e-mail, DNS, and FTP servers, to segregate them from the internal network. An NIDS monitors real-time traffic on the network, captures the packets, and analyzes them either against a signature database of known attack patterns or against a baseline of normal traffic behavior (anomaly detection) to detect intrusion attempts and other malicious activity. NIDS products are widely deployed in commercial organizations.
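The two analysis modes described above, and the encrypted-payload limitation from the previous paragraph, as a worked example. This is added illustration code, not part of the practice test or any vendor product. The packets are hand-built dicts standing in for captured frames, the content rules are a simplified Snort-style form (port plus byte substring), and the "tunnel" is a toy XOR of each payload that is not real cryptography; it stands in for TLS or IPsec transport mode, where headers stay visible but the payload does not. In IPsec tunnel mode the inner headers are hidden as well, so even the header-only check below would see only the two tunnel endpoints.

```python
"""Toy NIDS: signature matching and a header-only anomaly check over constructed packets.

Added example, not from the practice test or any product. Packets are hand-built
dicts (assumption) standing in for captured frames; the "tunnel" is a toy XOR
cipher (assumption, NOT real crypto) standing in for TLS / IPsec transport mode.
"""
from collections import defaultdict

# Constructed traffic: header fields plus payload, as a passive sensor would see them.
PACKETS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"},
    {"src": "10.0.0.7", "dst": "192.0.2.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\n"},
] + [
    # One source touching many ports on one host: a port sweep visible in headers alone.
    {"src": "10.0.0.9", "dst": "192.0.2.20", "dport": p, "payload": b""}
    for p in range(20, 45)
]

# Simplified Snort-style content rules (assumption): destination port plus byte substring.
RULES = [
    {"name": "WEB-ATTACKS /etc/passwd access", "dport": 80, "content": b"/etc/passwd"},
    {"name": "WEB-ATTACKS directory traversal", "dport": 80, "content": b"../.."},
]


def signature_alerts(packets, rules=RULES):
    """Signature mode: return (src, rule name) for each packet whose payload
    contains a rule's content on the rule's port."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if pkt["dport"] == rule["dport"] and rule["content"] in pkt["payload"]:
                alerts.append((pkt["src"], rule["name"]))
    return alerts


def port_scan_alerts(packets, threshold=10):
    """Anomaly mode: flag a source that touches more than `threshold` distinct
    ports on one destination. Uses headers only, so encryption of the payload
    does not affect it."""
    ports = defaultdict(set)
    for pkt in packets:
        ports[(pkt["src"], pkt["dst"])].add(pkt["dport"])
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items() if len(p) > threshold)


def tunnel(packets, key=b"\x5a"):
    """Toy stand-in for an encrypted tunnel: XOR every payload byte with a key byte.
    Headers are left in clear (like TLS / IPsec transport mode). Not real crypto."""
    return [dict(pkt, payload=bytes(b ^ key[0] for b in pkt["payload"])) for pkt in packets]


if __name__ == "__main__":
    print(signature_alerts(PACKETS))           # both rules fire on the cleartext request
    print(signature_alerts(tunnel(PACKETS)))   # []: the payload is opaque to the sensor
    print(port_scan_alerts(PACKETS))           # the header-only check sees the sweep
    print(port_scan_alerts(tunnel(PACKETS)))   # and still sees it through the tunnel
```

Running the script shows the point of the exam question directly: the same malicious HTTP request triggers both content rules in cleartext and none of them once the payload is encrypted, while the port-sweep detector, which never looks at the payload, produces the same alert in both cases.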
An NIDS does not monitor specific workstations. A host-based IDS (HIDS) monitors individual workstations on a network: an intrusion detection agent must be installed on each workstation in a network segment to detect security breach attempts against that host.
CISSP All-in-One Exam Guide, Chapter 4: Access Control, Intrusion Detection, pp. 200-209.