
Infrastructure Security: Devices and Media • Chapter 6  389

                      an insecure network, you should not have too much trouble with this
                      part of the Security+ exam. Think of an actual tunnel going through a
                      mountain. While trying to go through the mountain without the supports
                      in the tunnel would be foolish, the use of the supported or secure
                      tunnel makes this a secure and safe path to take. Applying the same
                      type of symbolism to any difficult concept you wish to understand will
                      make the Security+ exam a stress-free experience.
                         It is also important to note that when a VPN tunnel is established, it
                      is seen by both ends of the tunnel as a single hop. This is true regardless
                      of how many hops the tunnel actually goes over. For example, if a VPN
                      tunnel is established between a laptop in California and a VPN gateway
                      in Florida, there are quite a few hops between these two sites as they
                      route their traffic across the United States. However, once the tunnel is
                      established, a traceroute performed between the devices will show the
                      entire path as a single hop. This is important to remember when analyzing
                      traffic presented in scenario questions utilizing VPN tunnels.





                 IDS

                 An IDS is the high-tech equivalent of a burglar alarm configured to monitor access
                 points, hostile activities, and known intruders. These systems typically trigger on
                 events by referencing network activity against an attack signature database. If a
                 match is made, an alert takes place and the event is logged for future reference.
                 Creating and maintaining the attack signature database is the most difficult part of
                 working with IDS technology. It is important to always keep the IDS up-to-date
                 with the latest signature database provided by the vendor as well as updating the
                 database with the signatures found in testing.
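
The match, alert, and log cycle described above, shown as an added example that is not from the book: a minimal signature matcher in Python. The signature IDs, names, patterns, and traffic samples are all constructed for illustration and do not come from any vendor database; the `LOOSE` entry shows how an unspecific signature also flags a benign request.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    sid: int                  # constructed ID, not from a vendor database
    name: str
    proto: str
    dst_port: Optional[int]   # None matches any destination port
    content: re.Pattern       # byte pattern searched for in the payload

@dataclass(frozen=True)
class Event:
    src: str
    proto: str
    dst_port: int
    payload: bytes

# Constructed signature database: each entry combines several components.
SIGNATURES = [
    Signature(1001, "HTTP directory traversal", "tcp", 80,
              re.compile(rb"^(GET|POST)\s+\S*\.\./\S*\s+HTTP/")),
    Signature(1002, "Telnet root login attempt", "tcp", 23,
              re.compile(rb"login:\s*root\b")),
]
# A deliberately unspecific signature, kept separate for comparison.
LOOSE = [Signature(9001, "any '..' in payload", "tcp", None,
                   re.compile(rb"\.\."))]
# Constructed traffic samples (documentation address ranges).
EVENTS = [
    Event("192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Event("198.51.100.7", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Event("192.0.2.44", "tcp", 80, b"GET /docs/v1..2/changes.html HTTP/1.1\r\n"),
    Event("198.51.100.9", "tcp", 23, b"login: root\r\n"),
]

def matches(sig, ev):
    """A signature fires only if every one of its components agrees."""
    return (sig.proto == ev.proto
            and sig.dst_port in (None, ev.dst_port)
            and sig.content.search(ev.payload) is not None)

def inspect(events, signatures=SIGNATURES):
    """Return the alert log: one entry per (event, signature) match."""
    return [{"sid": s.sid, "name": s.name, "src": e.src}
            for e in events for s in signatures if matches(s, e)]

if __name__ == "__main__":
    print(inspect(EVENTS), inspect(EVENTS, LOOSE), sep="\n")
```

With `SIGNATURES`, only the traversal request and the Telnet login produce alerts; with `LOOSE`, the harmless `v1..2` URL is flagged as well.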


                 EXAM WARNING

                      The Security+ exam expects you to understand the different types of
                      IDSes, what they are used for, and how they can help protect your network.




                    Attack signatures consist of several components used to uniquely describe an
                 attack. An ideal signature is one that is specific to the attack while being as simple




                                                                              www.syngress.com