An Intrusion Detection System (IDS) typically sits at the network perimeter and is designed to detect suspicious traffic, including command and control (C2) traffic and other potentially malicious activities.
Intrusion Detection Systems:
IDS are deployed at strategic points within the network, often at the perimeter, to monitor incoming and outgoing traffic for signs of malicious activity.
These systems are configured to detect various types of threats, including C2 traffic, which is a key indicator of compromised systems communicating with an attacker-controlled server.
Incorrect Options:
A. Host-based firewall: This is more focused on controlling traffic at the endpoint level, not at the network perimeter.
B. Web proxy: Primarily used for controlling and filtering web traffic, but not specifically designed to detect C2 traffic.
C. Endpoint Detection and Response (EDR): Focuses on endpoint protection rather than monitoring network perimeter traffic.
References: Network Security Practices: IDS implementation is a standard practice for perimeter security to detect early signs of network intrusion.