Network-Based Intrusion Detection Systems



Question

Network-based Intrusion Detection systems:

Answers

Explanations



A.

Network-based ID systems:

- Commonly reside on a discrete network segment and monitor the traffic on that network segment
- Usually consist of a network appliance with a Network Interface Card (NIC) operating in promiscuous mode, intercepting and analyzing the network packets in real time

"A passive NIDS takes advantage of promiscuous mode access to the network, allowing it to gain visibility into every packet traversing the network segment. This allows the system to inspect packets and monitor sessions without impacting the network performance or the systems and applications utilizing the network."

NOTE FROM CLEMENT: A discrete network is a synonym for a SINGLE network. Usually the sensor will monitor a single network segment; however, there are IDS today that allow you to monitor multiple LANs at the same time.

References used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 62
Official (ISC)2 Guide to the CISSP CBK, Hal Tipton and Kevin Henry, Page 196
Additional information on IDS systems can be found here: http://en.wikipedia.org/wiki/Intrusion_detection_system

Answer A is correct: Network-based Intrusion Detection Systems (NIDS) are designed to monitor network traffic and identify malicious or unauthorized activity. They commonly reside on a discrete network segment, typically receiving a copy of its traffic through a network tap or SPAN port, and monitor all traffic passing through that segment.

By monitoring the traffic on a separate network segment, the NIDS can detect threats that may not be visible to the individual hosts or devices on the network. The NIDS can analyze traffic patterns, identify known attack signatures, and flag any suspicious activity.

NIDS can be configured to operate in either passive or active mode. In passive mode, the NIDS only monitors the network traffic and generates alerts or reports when suspicious activity is detected. In active mode, the NIDS can take actions to block or mitigate the threat.

NIDS can be an effective tool for detecting network-based attacks such as port scanning, denial-of-service attacks, and malware infections. However, they do have some limitations. For example, they may not be able to detect attacks that use encrypted traffic, and they may generate a high volume of false positives if not configured correctly. Therefore, it is important to implement NIDS as part of a broader security strategy that includes other security controls such as firewalls, antivirus software, and user awareness training.
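As an added illustration (not from the page or its cited references), the following Python sketch models the passive inspection the explanation describes: it reads a constructed set of packet records as a promiscuous-mode sensor would see them, applies a byte-pattern signature, and flags a port-scan pattern, raising alerts without touching the traffic. The packet records, the signature name, the thresholds and the TLS-looking payload are all constructed assumptions; a real sensor would get these records from a capture interface.

```python
from collections import defaultdict

# Constructed sample "packets" as a promiscuous-mode sensor would see them:
# (timestamp_s, src_ip, dst_ip, dst_port, payload_bytes)
SAMPLE_PACKETS = [
    (0.0, "10.0.0.5", "10.0.0.20", 22, b""),
    (0.1, "10.0.0.5", "10.0.0.20", 23, b""),
    (0.2, "10.0.0.5", "10.0.0.20", 25, b""),
    (0.3, "10.0.0.5", "10.0.0.20", 80, b""),
    (0.4, "10.0.0.5", "10.0.0.20", 443, b""),       # 5th distinct port -> scan alert
    (0.5, "10.0.0.5", "10.0.0.20", 8080, b""),
    (1.0, "10.0.0.7", "10.0.0.20", 80, b"GET / HTTP/1.1\r\n"),
    (2.0, "10.0.0.9", "10.0.0.20", 80, b"GET /?q=<script>x</script> HTTP/1.1\r\n"),
    # TLS-style application data: opaque to payload signatures (the encryption caveat)
    (3.0, "10.0.0.9", "10.0.0.20", 443, b"\x17\x03\x03\x00\x08" + bytes(8)),
    (60.0, "10.0.0.5", "10.0.0.20", 80, b"GET / HTTP/1.1\r\n"),  # outside scan window
]

# Constructed example rule set (hypothetical names, not from any real IDS ruleset)
SIGNATURES = {"http-script-tag": b"<script>"}
SCAN_PORT_THRESHOLD = 5   # distinct destination ports from one source...
SCAN_WINDOW_S = 10.0      # ...within this many seconds counts as a scan


def inspect(packets, signatures=SIGNATURES):
    """Passive inspection: returns a list of alerts and never alters traffic."""
    alerts = []
    history = defaultdict(list)   # (src, dst) -> [(timestamp, dport), ...]
    flagged = set()               # (src, dst) pairs already reported as scanners
    for ts, src, dst, dport, payload in sorted(packets, key=lambda p: p[0]):
        # 1. Signature matching on the cleartext payload
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((ts, "signature", name, src, dst, dport))
        # 2. Port-scan heuristic: many distinct ports in a sliding time window
        hist = history[(src, dst)]
        hist.append((ts, dport))
        hist[:] = [(t, p) for t, p in hist if ts - t <= SCAN_WINDOW_S]
        distinct = {p for _, p in hist}
        if len(distinct) >= SCAN_PORT_THRESHOLD and (src, dst) not in flagged:
            flagged.add((src, dst))
            alerts.append((ts, "portscan", f"{len(distinct)} ports", src, dst, None))
    return alerts


if __name__ == "__main__":
    for alert in inspect(SAMPLE_PACKETS):
        print(alert)
```

The TLS-looking record at t=3.0 produces no alert, which is the encrypted-traffic blind spot the explanation mentions; only the cleartext HTTP request and the port sweep are detected.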