[TABS_R id=8782]
Which of the following would you most likely configure on a host to alert you about possible attacks without filtering traffic? (Select the best answer.)
- a botnet
- a honeypot
- a personal firewall
- a HIDS
Explanation:
Most likely, you would configure a Hostbased Intrusion Detection System (HIDS) to alert you about possible attacks without taking action to protect the system. A HIDS is a software or hardwarebased system that detects intrusions by monitoring system activity, such as resource usage. By monitoring and auditing activity on the host, the HIDS can detect anomalies associated with an intrusion and can issue an alert. Although a HIDS could alert you about incoming traffic, it would not be able to filter that traffic.
You could configure a personal firewall to block incoming traffic on a specific port. A personal firewall is a softwarebased system that controls the flow of network traffic. A personal firewall can be configured to allow traffic or to block traffic. For example, you can configure a firewall to block or allow traffic based on the port on which that traffic is being sent.
You are not likely to configure a honeypot on a host to alert you about possible attacks without filtering traffic. A honeypot is a decoy system that is made to appear vulnerable to network intruders for the purpose of trapping them? it also logs information about the attack for further study.
You would not install a botnet to block incoming traffic on a specific port. A botnet is a network of zombies. Zombies, or bots, are compromised computers that can be used to perform Denial of Service (DoS) or Distributed DoS (DDoS) attacks and to send spam.
[TABS_R id=8782]