Flashcards - M11: IDS, Firewalls, and Honeypots
Published on January 19, 2025
What’s the difference between an IDS and an IPS?
IDS: Intrusion Detection System, monitors and alerts.
IPS: Intrusion Prevention System, can actively block/stop attacks.
How do signature-based and anomaly-based IDS differ?
Signature-based: Looks for known attack patterns.
Anomaly-based: Detects unusual patterns or behavior; can find unknown threats.
What is the role of a firewall?
Controls incoming/outgoing network traffic based on security rules, separating trusted and untrusted networks.
What is a honeypot?
A decoy system designed to lure attackers, detect intrusions, and study attack methods without risking production systems.
How can attackers evade IDS detection?
Fragmenting packets, encrypting payloads, polymorphic shellcode, or flooding with excessive traffic to overwhelm logs.