Chapter Review

Extensive planning and preparation are required before deploying sensors on your internetwork. Until some auditing and planning are done, you can’t even be sure which sensors are needed. This chapter discussed the planning and auditing that can be accomplished to determine where sensors should be deployed throughout the internetwork.

This chapter reviewed the common deployment strategies that have worked in previous IDS deployments and the factors that assist with the deployment strategy, such as

  • Network entry points

  • Network size and complexity

  • The amount and type of traffic to be monitored

This chapter described in detail the methods that can be used to configure the sensors once they’ve been deployed. The built-in script sysconfig-sensor can be used to configure the sensor for network connectivity. In addition, this application is used to enable the IDS Device Manager.

Once the sensors are bootstrapped, the IDS Device Manager can be used to configure the operations of each sensor, fine-tuning the IDS system. The IDS Device Manager presents the configuration in a common and intuitive web interface to ease the configuration burden. The configuration and management of the sensor through the Device Manager is broken into four configuration and management areas, which are as follows:

  • Device

  • Configuration

  • Monitoring

  • Administration

Each area is then broken down into sub-areas, which contain Table of Contents (TOC) items. Each TOC item has a configuration or report pane that’s used to configure the sensor or to display the report.

Questions

1. Which of the following is a disadvantage to placing a single sensor in front of a filtering device?

  A. If the sensor is placed in front of the filtering device, it will be unable to detect interior attacks

  B. If the sensor is placed in front of the filtering device, it will be unable to detect exterior attacks

  C. If the sensor is placed in front of the filtering device, it will be unable to detect any attacks

  D. The sensor will be unable to communicate with the interior CSPM host

 A. If the sensor is placed in front of the filtering device, it will be unable to detect interior attacks

2. What is the name of the script used to bootstrap a sensor?

  A. sysconfig.sensor

  B. sysconfig-sensor

  C. sensor.config

  D. sensor-config

 B. sysconfig-sensor

3. You must be logged in to the sensor as root to perform which of the following commands?

  A. idsstart

  B. ping

  C. VerifySensor

  D. idsstop

 C. VerifySensor

4. IP Blocking response is configured on which of the following?

  A. The sensor

  B. The CSPM host

  C. The router

  D. The firewall

 A. The sensor

5. To manually configure IP blocking on the sensor, you must define which of the following?

  A. The IP address to be blocked

  B. The interface to block

  C. The addresses that shouldn’t be blocked

  D. The router’s interface

 D. The router’s interface

6. What is the default IP address configured on the sensors?

  A. 10.9.201.1

  B. 10.6.202.1

  C. 10.1.9.201

  D. None of the above

 C. 10.1.9.201

7. Which of the following methods can’t be used to connect to a sensor for bootstrapping?

  A. Console access

  B. CSPM PostOffice connection

  C. Telnet

  D. Directly, with a keyboard and monitor

 B. CSPM PostOffice connection

Answers

1. A. If the sensor is placed in front of the filtering device, it will be unable to detect interior attacks

2. B. sysconfig-sensor

3. C. VerifySensor

4. A. The sensor

5. D. The router’s interface

6. C. 10.1.9.201

7. B. CSPM PostOffice connection



