Chapter Review Questions

1. When was the first commercial IDS developed and by whom?

2. What are the two types of IDS and should they be deployed together or separately?

3. Define and discuss NIDSs. How and where are they effective in a network?

4. Define and discuss HIDSs. How and where are they effective in a network?

5. When is anomaly detection the most effective and why?

6. Which intrusion detection methodology also verifies application behavior?

7. List and define each of the two techniques an IDS can employ to prevent an attack.

8. List the three most important IDS limitations, in your opinion, and explain why you choose them.

9. True or false: Honeypots distract attackers from more valuable resources.