Question
A particular vendor uses the following approach to intrusion detection. The company maintains a large number of honeypots distributed across the Internet. To a potential
A particular vendor uses the following approach to intrusion detection. The company maintains a large number of honeypots distributed across the Internet. To a potential attacker, these honeypots look like vulnerable systems. Consequently, the honeypots attract many attacks and, in particular, new attacks tend to show up on the honeypots soon aftersometimes even duringtheir development. Whenever a new attack is detected at one of the honeypots, the vendor immediately develops a signature and distributes the resulting signature to all systems using its product. The actual derivation of the signature is generally a manual process.
a. What are the advantages, if any, of this approach as compared to a standard signature-based system?
b. What are the advantages, if any, of this approach as compared to a standard anomaly-based system?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started