Re: [CCCure CISSP] icmp message questions

Re: [CCCure CISSP] icmp message questions

cissp_student_01
 
Thank you for your explanation, Doug. I don't agree with you; AV does prevent virus and worm attacks, like, for example, Outlook email I Love bug attachments, the viruses that come through the SMTP protocol, spyware.

For IPS we have host based and network based; my question was with respect to host based.
 

From: [hidden email]
To: [hidden email]
Subject: RE: [CCCure CISSP] icmp message questions
Date: Fri, 22 Mar 2013 19:35:38 -0700

There are many types of IPSs. AV is a specialized form of IPS that only looks at hard disk/files and memory; it does not “look” at NIC (wired and wireless) traffic, and network traffic or software applications.

There are network IPSs
Wireless IPSs (WIPs)

And I don’t agree, but some folks call security cameras IPSs. I guess they are, but I think that’s more of a marketing term; it’s not what I would think of when I think of an IPS.

Remember IPS are protection systems, which means they “protect” or do something to protect, like create a firewall rule or send something like disconnect.

Hope this helps,

Doug

From: abid James [mailto:[hidden email]]
Sent: Friday, March 22, 2013 12:15 PM
To: Doug Spindler
Subject: RE: [CCCure CISSP] icmp message questions

 

Doug,
 
I have a question: host based IPS and antivirus software do have the same functionality, like prevention and detection. What makes IPS different from AV except the quarantine? Do you know any other difference? Basically, can you explain elaborately their differences?
 

 


To: [hidden email]
From: [hidden email]
Subject: Re: [CCCure CISSP] icmp message questions
Date: Thu, 21 Mar 2013 22:26:30 -0700

I have not taken the exam, but from what I understand, no, questions like that would not be on the exam.


----- Reply message -----
From: "abid James" <[hidden email]>
Date: Thu, Mar 21, 2013 3:02 pm
Subject: [CCCure CISSP] icmp message questions
To: "[hidden email]" <[hidden email]>

Hello All,
 
 
Studying ICMP message types and codes: is it important?
Does the exam have questions like "For echo reply, what is the code no.?"
 
 
Regards
Student


_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
Re: [CCCure CISSP] icmp message questions

Doug Spindler

There is IDS and IPS. One detects and alerts you to those threats, while the other one detects threats, can take measures to counter the threat, and performs alerting.

What does AV do? Detect and alert? Or detect, delete and alert? My AV program only detects and alerts; it does not automatically counter the threat. AV can be host based or network based. The threat is still there, it hasn’t been eliminated, just quarantined, so it still has the potential to cause harm.

Is quarantining an email attachment IDS or IPS?

From: abid James [mailto:[hidden email]]
Sent: Friday, March 29, 2013 12:47 PM
To: Doug Spindler; [hidden email]
Subject: RE: [CCCure CISSP] icmp message questions

 

 
Thank you for your explanation, Doug. I don't agree with you; AV does prevent virus and worm attacks, like, for example, Outlook email I Love bug attachments, the viruses that come through the SMTP protocol, spyware.

For IPS we have host based and network based; my question was with respect to host based.
 



Re: [CCCure CISSP] icmp message questions

Bijesh
In reply to this post by cissp_student_01
Hi James,

In host based IPS, the scanning of malicious content is primarily on the host's NIC. The IPS gets integrated with the drivers of the NIC, so that it can terminate a connection at the network layer itself. The role of IPS is primarily to prevent attacks at the packet level (Layer 3 & 4), and then it advances to higher levels (to check buffer data, user agent, etc.).
AV basically monitors various services of an operating system. However, it does not scan data incoming from the NIC. It checks for malicious programs acting on the OS, files & memory.
IPS can protect the host from SYN/DDoS attacks but an AV can't.
AV can prevent a worm incoming from a flash drive (autorun.inf) but IPS can't.

Of course, there are AVs available these days integrated with firewall, Web AV & IPS to become one complete Internet Security System.

Trust this helps.

Regards,
Bijesh

On Sat, Mar 30, 2013 at 1:16 AM, abid James <[hidden email]> wrote:
 
Thank you for your explanation, Doug. I don't agree with you; AV does prevent virus and worm attacks, like, for example, Outlook email I Love bug attachments, the viruses that come through the SMTP protocol, spyware.

For IPS we have host based and network based; my question was with respect to host based.
 


Re: [CCCure CISSP] icmp message questions

cissp_student_01
Hello James,
 
The given explanation, I understand the IPS and AV are the same; however, my question is: AV does prevent the worm spreading in the network. Purpose is to choke the bandwidth. Please comment.

Shon Harris, in her book, the AIO guide, writes that AV is a preventative control and IDS has detective control. Can you please clarify this?
 

Date: Sun, 31 Mar 2013 22:08:35 +0530
Subject: Re: [CCCure CISSP] icmp message questions
From: [hidden email]
To: [hidden email]; [hidden email]
CC: [hidden email]

Hi James,

In host based IPS, the scanning of malicious content is primarily on the host's NIC. The IPS gets integrated with the drivers of the NIC, so that it can terminate a connection at the network layer itself. The role of IPS is primarily to prevent attacks at the packet level (Layer 3 & 4), and then it advances to higher levels (to check buffer data, user agent, etc.).
AV basically monitors various services of an operating system. However, it does not scan data incoming from the NIC. It checks for malicious programs acting on the OS, files & memory.
IPS can protect the host from SYN/DDoS attacks but an AV can't.
AV can prevent a worm incoming from a flash drive (autorun.inf) but IPS can't.

Of course, there are AVs available these days integrated with firewall, Web AV & IPS to become one complete Internet Security System.

Trust this helps.

Regards,
Bijesh
