Which of the following devices are least likely to deny a connection inline when an attack is detected? (Select 2 choices.)
- an IPS
- a router
- an IDS
- a Layer 3 switch
- a Layer 2 switch
A Layer 2 switch and an Intrusion Detection System (IDS) are least likely to deny a connection inline when an attack is detected. An IDS is a network monitoring device that does not sit inline with the flow of network traffic; an IDS passively monitors a copy of network traffic, not the actual packet. Typically, an IDS has one promiscuous network interface attached to each monitored network. A promiscuous device listens to all data flowing past it regardless of the destination. Because traffic does not flow through the IDS, the IDS cannot mitigate single-packet attacks and is unable to directly block malicious traffic, such as a virus, before it passes onto the network. However, an IDS can actively send alerts to a management station when it detects malicious traffic.
A Layer 2 switch is a device that operates at Layer 2 of the Open Systems Interconnection (OSI) network model. Although a Layer 2 switch can implement security controls, such as port security and virtual LAN (VLAN) access control lists (ACLs), a Layer 2 switch by itself is not typically configured to detect and mitigate external security threats.
An Intrusion Prevention System (IPS) sits inline with the flow of traffic, thus actively monitoring network traffic and blocking malicious traffic, such as an atomic or single-packet attack, before it passes onto the network. Blocking an attack inline can prevent the attack from spreading further into the network. An IPS requires at least two interfaces for each monitored network: one interface listens to traffic entering the IPS, and the other listens to traffic leaving the IPS. In addition, an IPS acts similarly to a Layer 2 bridge in that it passes traffic through to destinations on the same subnet; an IPS cannot route to destinations on a different subnet. An interface of an IPS can be put in promiscuous mode; when this happens, the device operates as an IDS on that interface. However, an IPS does not require that a physical interface be in promiscuous mode in order to monitor network traffic.
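The difference between the two deployment models above is easiest to see by tracing a single packet through each one. The following Python simulation is an added example and is not part of the original question or its explanation; the signature table, packet fields and sensor modes are constructed for illustration. A sensor in "inline" mode inspects a packet before forwarding it, so a detected atomic attack is dropped; a sensor in "promiscuous" mode sees only a copy after the packet is already on the wire, so it can alert but cannot take the packet back.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Hypothetical signature table: payload patterns the sensor treats as an
# atomic (single-packet) attack. Constructed for this example, not real rules.
SIGNATURES = {
    b"EVIL-PAYLOAD": "hypothetical single-packet exploit",
}


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes


@dataclass
class Sensor:
    """One monitored interface of a sensor.

    mode="inline": traffic passes through the sensor (IPS behaviour).
    mode="promiscuous": the sensor only sees a copy (IDS behaviour, or an
    IPS interface placed in promiscuous mode).
    """
    mode: str
    alerts: List[Tuple[str, str, str]] = field(default_factory=list)

    def inspect(self, pkt: Packet) -> bool:
        """Match the payload against the signature table; record an alert on a hit."""
        for pattern, name in SIGNATURES.items():
            if pattern in pkt.payload:
                self.alerts.append((pkt.src, pkt.dst, name))
                return True
        return False


def forward_segment(sensor: Sensor, packets: List[Packet]) -> List[Packet]:
    """Return the packets that actually reach the protected segment."""
    delivered: List[Packet] = []
    for pkt in packets:
        if sensor.mode == "inline":
            # The packet must clear inspection before it is forwarded,
            # so a detected attack is dropped and never reaches the wire.
            if not sensor.inspect(pkt):
                delivered.append(pkt)
        elif sensor.mode == "promiscuous":
            # Delivery does not depend on the sensor: the packet is already
            # on the wire and the sensor inspects a copy afterwards.
            delivered.append(pkt)
            sensor.inspect(pkt)
        else:
            raise ValueError(f"unknown sensor mode: {sensor.mode}")
    return delivered


# Constructed sample traffic: two benign packets and one atomic attack.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.1.20", b"GET /index.html"),
    Packet("10.0.0.9", "10.0.1.20", b"EVIL-PAYLOAD"),
    Packet("10.0.0.5", "10.0.1.21", b"POST /login"),
]


def compare_modes(packets: List[Packet] = SAMPLE_TRAFFIC) -> Dict[str, Dict[str, int]]:
    """Run the same traffic past an inline sensor and a promiscuous sensor."""
    results: Dict[str, Dict[str, int]] = {}
    for mode in ("inline", "promiscuous"):
        sensor = Sensor(mode)
        delivered = forward_segment(sensor, packets)
        results[mode] = {
            "delivered": len(delivered),
            "blocked": len(packets) - len(delivered),
            "alerts": len(sensor.alerts),
        }
    return results


if __name__ == "__main__":
    for mode, r in compare_modes().items():
        print(f"{mode:12s} delivered={r['delivered']} blocked={r['blocked']} alerts={r['alerts']}")
```

Both sensors raise exactly one alert for the same traffic; only the inline sensor changes what is delivered. That is the property the question is testing: detection is common to both, but denying the connection requires being in the forwarding path.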
A router is a device that connects multiple subnets of the same or different networks and passes information between them. The functionality of a router can vary depending on the size of the network on which it is deployed. For example, a Cisco IPS Advanced Integration Module (AIM) can be installed in a router to integrate IPS functionality at the hardware level. Alternatively, an IOS feature set with IPS capabilities can be installed to provide IPS functionality at the software level. A router operating as an IPS can serve as a part of the network security structure as well as a bridge between two segments of the network.
A Layer 3 switch is a device that can operate at both Layer 2 and Layer 3 of the OSI model. Layer 3 switches perform switching operations at Layer 2 but are also capable of forwarding traffic at Layer 3. Although a Layer 3 switch by itself is not typically configured to detect and mitigate external security threats, some chassis-based Layer 3 switches, such as Cisco Catalyst 6500 series switches, support hardware modules that can provide IPS functionality.