GIAC GSNA Exam - Topic 4 Question 10 Discussion

Wireless intrusion prevention system (WIPS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use

of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator

whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

Rogue devices can spoof MAC address of an authorized network device as their own. WIPS uses fingerprinting approach to weed out devices

with spoofed MAC addresses. The idea is to compare the unique signatures exhibited by the signals emitted by each wireless device against

the known signatures of pre-authorized, known wireless devices.

Answer B is incorrect. An Intrusion detection system (IDS) is used to detect unauthorized attempts to access and manipulate computer

systems locally or through the Internet or an intranet. It can detect several types of attacks and malicious behaviors that can compromise the

security of a network and computers. This includes network attacks against vulnerable services, unauthorized logins and access to sensitive

data, and malware (e.g. viruses, worms, etc.). An IDS also detects attacks that originate from within a system. In most cases, an IDS has

three main components: Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and control sensors and

to monitor events. An engine is used to record events and to generate security alerts based on received security events. In many IDS

implementations, these three components are combined into a single device. Basically, following two types of IDS are used :

Network-based IDS

Host-based IDS

Answer A is incorrect. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It

logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including

Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

The three main modes in which Snort can be configured are as follows:

Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console.

Packet logger mode: It logs the packets to the disk.

Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for

matches against a user-defined rule set.

Answer C is incorrect. A firewall is a tool to provide security to a network. It is used to protect an internal network or intranet against

unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic

between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports.