What does a network intrusion prevention system do when it detects an attack? (Quizlet)

Network-based IPS:
Performs packet sniffing and analyzes network traffic to identify and stop suspicious activity. These products are typically deployed inline, like a network firewall: they receive packets, analyze them, decide whether each should be permitted, and allow acceptable packets to pass through. Network-based products may also be able to detect and stop some unknown threats through application protocol analysis.

Host-based IPS:
Similar in principle and purpose to network-based products, except that a host-based product monitors the characteristics of a single host and the events occurring within that host: network traffic (only for that host), system logs, running processes, file access and modification, and system and application configuration changes.

Active device

Operates in-line to the network

Monitors all traffic, sends alerts, and drops or blocks the offending traffic

Great for DoS-based attacks

Drawbacks:
False positives can drop legitimate communication

A "network intrusion detection system (NIDS)" monitors traffic on a network looking for suspicious activity, which could be an attack or unauthorized activity.

A large NIDS server can be set up on a backbone network, to monitor all traffic; or smaller systems can be set up to monitor traffic for a particular server, switch, gateway, or router.

In addition to monitoring incoming and outgoing network traffic, a NIDS server can also scan system files looking for unauthorized activity and to maintain data and file integrity. The NIDS server can also detect changes in the server's core components.

In addition to traffic monitoring, a NIDS server can also scan server log files and look for suspicious traffic or usage patterns that match a typical network compromise or a remote hacking attempt.

The NIDS server can also serve a proactive role instead of a purely protective or reactive function. Possible uses include scanning local firewalls or network servers for potential exploits, or scanning live traffic to see what is actually going on.

Keep in mind that a NIDS server does not replace primary security controls such as firewalls, encryption, and authentication methods. The NIDS server is a backup network integrity device. Neither system (primary security controls or the NIDS server) should replace common precautions (building physical security, corporate security policy, etc.).

A fat AP, also known as a stand-alone, intelligent, or autonomous AP, includes everything needed to connect wireless clients to a wireless network.
It typically includes features such as a routing component, NAT, DHCP, wireless security options, access control lists (ACLs), and more. If you're
running a wireless network at your home or in a small office, you're most likely using a fat access point.
Fat APs must be configured separately from each other, which isn't really a problem if you're only configuring a single AP.
Consider a network that has a dozen APs spread around the organization. If these were all fat APs, administrators would need to configure each one separately, which is highly inefficient.

Wireless networks use two primary radio bands: 2.4 GHz and 5 GHz.
However, wireless devices don't transmit exactly on 2.4 GHz or 5 GHz.
Instead, the two bands have multiple channels starting at about 2.4 GHz and 5 GHz.
The Institute of Electrical and Electronics Engineers (IEEE) defines
many standards, including the IEEE 802.11 group of wireless network
protocols. Table 4.1 shows some common wireless standards along with the
frequency band (or bands) they support. It also shows the channel widths
supported by each. However, the channel widths are somewhat misleading.
For example, 802.11n supports channel widths of both 20 MHz and 40 MHz.
However, a 40 MHz channel is two combined 20 MHz channels.
Table 4.1: Common wireless standards, frequencies, and channel widths
Theoretically, wider channels allow you to transfer more data through
the channel. Unfortunately, there are two challenges. First, when you increase
the channel width, you decrease the distance of the radio transmissions. A
device that connects with a 20 MHz channel at a specific distance away
might not be able to connect at 40 MHz from the same location. Second, you
increase the possibility of interference. Wider channels are more likely to
overlap with other wireless devices and this interference affects overall
performance.
These challenges are much more prevalent in the 2.4 GHz band because
there are more technologies operating in this band. For example, Bluetooth
devices, microwave ovens, and cordless phones operate in this range.
Additionally, the 2.4 GHz range has only three nonoverlapping channels. APs
typically allow you to choose the frequency band (2.4 GHz and/or 5 GHz).
Additionally, most APs allow you to manually select a channel or allow the
AP to pick the best channel. The "PSK, Enterprise, and Open Modes" section
(found later in this chapter) shows a screenshot of an AP with some of these
selections.

One of the goals of 802.11 wireless networks is ease of use. The
designers wanted wireless computers to be able to easily find each other and
work together. They were successful with this goal. Unfortunately, attackers
can also easily find your networks. By default, APs broadcast the SSID in
cleartext, making it easy to locate wireless networks.
At some point years ago, someone stated that the SSID was a password
(not true!), and many information technology (IT) professionals latched onto
the idea that you can increase security by disabling the SSID broadcast. Others
say that the SSID has nothing to do with security and disabling the broadcast
reduces usability but does not increase security.
As background, APs must regularly send out a beacon frame to ensure
interoperability with other devices in the wireless network. This beacon
frame includes the SSID, and if the SSID broadcast is disabled, the SSID
entry is blank. However, even if the SSID broadcast is disabled, the AP
includes the SSID in Probe responses sent in response to Probe requests from
authorized wireless clients. Because of this, it's easy for an attacker with a
wireless protocol analyzer to listen for the Probe responses and detect the
SSID.
In other words, disabling the SSID makes it a little more difficult for
attackers to find your network, but not much. It's almost like locking the
front door of your house, but leaving the key in the lock.
Steve Riley wrote in a security blog titled "Myth vs. Reality: Wireless
SSIDs" that disabling the SSID for security "is a myth that needs to be
forcibly dragged out behind the woodshed, strangled until it wheezes its last
labored breath, then shot several times for good measure." In case it isn't
clear, Mr. Riley is in the camp that says you should not disable the SSID for
security. For the record, I agree with him.
For the CompTIA Security+ exam, you should know that it is possible
to disable the SSID broadcast and hide the network from casual users.
However, an attacker with a wireless protocol analyzer can easily discover the
SSID even if SSID broadcast is disabled.

Enabling media access control (MAC) filtering provides a small measure of security to a wireless network.
The MAC address (also called a physical address or hardware address) is a 48-bit address used to identify network interface cards (NICs).
You will usually see the MAC address displayed as six pairs of hexadecimal characters, such as 00-16-EA-DD-A6-60.
Every NIC, including wireless NICs, has a MAC address.
MAC filtering is a form of network access control. It's used with port security on switches, and you can use it to restrict access to wireless networks.
For example, Figure 4.4 shows the MAC filter on a NETGEAR Orbi AP.
In the figure, you can see that the system is set to Permit PCs Listed Below to
Access the Wireless Network. The MAC Address column shows the MAC
addresses of the allowed devices. The Status column shows that each of these
devices is set to Allow, granting them access. The Block all new devices from
connecting setting prevents any other devices from connecting. It's also
possible to select the check box for any device and click Block to change
its status to Blocked.
Figure 4.4: MAC filter on an AP
Theoretically, MAC addresses are unique. The MAC filter in Figure 4.4
limits access to only the devices with these MAC addresses. This might sound
secure, but an attacker with a wireless sniffer can easily identify the MAC
addresses allowed in a wireless network. Additionally, it's very easy to change
a MAC address. An attacker can launch a spoofing attack by changing the
MAC address on his laptop to impersonate one of the allowed MAC addresses.
Many operating systems include built-in functionality to change a
NIC's MAC address. For example, in Windows 10 you can access the NIC's
properties from Device Manager, click the Advanced tab, and configure the
Network Address setting with a new MAC address.

Antenna Types and Placement
The most commonly used wireless antenna on both APs and
wireless devices is an omnidirectional (or omni) antenna. Omnidirectional
antennas transmit and receive signals in all directions at the same time. This
allows wireless devices to connect to an AP from any direction. Another type
of antenna is a directional antenna. A directional antenna transmits in a single
direction and receives signals back from the same direction. Because the
power of the antenna is focused in a single direction, the directional antenna
has greater gain than an omni antenna, and it can transmit and receive signals
over greater distances. The directional antenna also has a
very narrow radiation pattern, focusing the signal in a specific area.
When considering antenna placement, you should also configure the
antenna orientation. Many APs have adjustable antennas. Should you orient
them vertically, pointed straight up? Or, should you orient them
horizontally, pointed straight out, even with the floor? It depends. Reception
is maximized when your AP's antenna orientation matches the orientation
used by your wireless devices. However, you'll find that antenna orientation
isn't consistent in all devices. Some place them horizontally and others place
them vertically. If your AP has two antennas, some experts recommend
orienting one of them horizontally and one of them vertically.
Administrators often perform a site survey while planning and
deploying a wireless network. The site survey examines the wireless
environment to identify potential issues, such as areas with noise or other
devices operating on the same frequency bands. Administrators and security
personnel periodically repeat the site survey to verify the environment hasn't
changed and to detect potential security issues.
One method of performing a site survey is to configure an AP and
position the antenna within the organization. Administrators then measure
the power levels of the AP from different areas to determine if it provides the
desired coverage. If the AP doesn't provide adequate coverage,
administrators might try to modify the placement of the AP and/or its
antenna, or add additional APs.

What does an intrusion detection system use to detect attacks?

An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy violations.

What does an intrusion detection system do, and how does it do it?

An Intrusion Detection System (IDS) is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat.

What occurs after a network intrusion detection system (NIDS) first detects an attack?

Once an intrusion is detected, the NIDS immediately shuts down the process and alerts you so you can react quickly to stop further damage. It prevents attacks: the NIDS constantly monitors network traffic to identify suspicious activity and block it before hackers are able to gain access to your system.

What is a network intrusion detection and prevention system?

An intrusion prevention system (IPS), sometimes referred to as an intrusion detection and prevention system (IDPS), is a network security technology and a key part of any enterprise security system. It continuously monitors network traffic for suspicious activity and takes steps to prevent it.