Your customer tells you they know beyond a doubt that an attacker is sending messages back and forth from their network, yet the IDS doesn't appear to be alerting on the traffic. Which of the following is most likely true?
A
The attacker is sending messages over an SSL tunnel.
Explanation
Encryption is the bane of an IDS's existence. The IDS is blind as a bat if traffic is encrypted.