Answer 1: An IPS and IDS are similar in terms of detection, but an IPS also has response abilities.
Answer 2: A baseline creates a pattern of normal behaviors.
Answer 3: Sign of a compromised machine.
Answer 4: No, these are logged.
Answer 5: Host-based monitor machines; network-based monitor networks.
Answer 6: Identify the digital signatures of common reconnaissance and probing tools such as PING, scans performed by Nmap, Nessus®, etc. Program your IDS and IPS devices to specifically alert and block reconnaissance and probing IP packets that are commonly used by these attack tools. All of the normal hacking applications and tools that generate ICMP, IP, UDP, and TCP should also be identified and blocked on your external IDS/IPS device including DoS and DDoS digital signatures.
Answer 7: To provide your network and security organization with real-time alerts and alarms pertaining to potential system compromise and/or unauthorized access.
Answer 8: Typically, the LAN-to-WAN Domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access.