ccna 4 practice skills exam

ccna 4 practice skills exam.5-1 IPS Technologies5.1.1 IDS and IPS Features5.1.1.1 Zero-Day AttacksInternet worms and viruses can spread throughout the world in a matter of minutes. And the network must immediately identify, mitigate worms and122 Chapter 5 Implementing Intrusion Preventionvirus threats. A firewall can only do so much, but it cannot protect against malware and answer-day attacks ( zero-day attack) o A zero-day attack, sometimes called a zero-day threat, is a computer attack that attempts to exploit a software vulnerability that is not known or disclosed by the software developer. The term zero-hour (zero-hour) describes the moment when a vulnerability is discovered. During this time, it prompts software developers to develop and release patches, but networks are vulnerable to these exploits. To prevent these rapidly evolving attacks, network security practitioners are required to take a more advanced and sophisticated view of the network architecture, and blood is no longer at a few points in the network I: Implementing Intrusion Prevention.5.1.1.2 Monitoring AttacksFor administrators, one way to prevent end bugs and viruses from entering the network - is to constantly monitor the network and analyze the log files generated by network devices. This solution is not very scalable. Manually analyzing II log file information is time consuming and provides limited awareness of network attacks that have already started. This is because by the time the I logs are analyzed, the attack has already started.Intrusion detection systems (IDSs) passively monitor flows on the network h". An IDS-enabled device precariously brakes the flow wall flow and analyzes the precarious traffic, not the actual forwarded packets. It works in offline mode and compares the captured streams with the known characteristics of malware, similar to the software used to check for disease. Offline means that the IDS works passively; the IDS device is placed on the network and in order to reach the IDS, traffic must first be mirrored; if network traffic is not mirrored, it will not pass through the IDS. is mirrored and the IL may also be reported, the IDS cannot be acted upon by the packet. This offline IDS implementation is also known as promiscuous mode.The advantage of the IDS handling of the flow by-pass log is that it does not affect the flow of the actual packets that forward the stream. the disadvantage is that the IDS cannot prevent a malicious single packet attack from reaching the H mark until it responds to the attack. IDS often requires the assistance of other network devices, such as routers and firewalls, to respond to an attack.