
I'm studying to take the Security+ exam. I'm really having problems figuring out this chart. I understand most of it. Can someone explain the following? (image: IDS block diagram)

  1. Why are there 2 sensors in this picture which both point to analyzer?

  2. Why is security policy not a block?

  3. Why does "trending and reporting" have no inputs?

  4. Can this picture be redrawn like this and have the same meaning? (image: redrawn diagram)

This is really confusing to me.

Asked by Adam Outler (edited by Mat)
  • You don't see both of them? You may have a firewall blocking Photobucket.com? – Adam Outler Dec 19 '10 at 00:06
  • Questions 1, 2, and 3 are all for the first picture. Question 4 is for the second picture. Let me reorganize and put the first picture at the top rather than after question 3. – Adam Outler Dec 19 '10 at 00:08

1 Answer


I want to start out by saying that these kinds of diagrams are only really useful as high level overviews of what happens inside a system. Don't take them too literally. Why individual blocks are omitted or repeated is just going to be a mystery and probably not indicative of anything. That said, I'll try to look into my crystal ball and divine what the author might have been thinking:

1) There are two sensors to indicate that there is a 1:n relationship between analyzers and sensors. Meaning that in an IDS, there can be many sensors which all feed into a single analyzer.

2) Security Policy is the data which is supplied by an administrator. So the Administrator (a block) has an arrow (the policy) as an input to several other blocks. Think of it this way: you should always be able to label the arrows in a block diagram with exactly what data is being sent. In your blue diagram you made, what would the label be for the arrow between "Security Policy" and "Analyzer"? (It's the policy which is being sent)

3) "Trending and Reporting" is not a block (which would need an input). It is the label to the bidirectional arrow on the bottom. "Trending and Reporting" is the data which is being sent back and forth between the Administrator and Operator.

Hope that helps.

AltF4
  • Thank you for your insight. I was having problems reading that diagram. I have no experience with IDS other than Windows Firewall. I was trying to picture this IDS as a set of functions running in a program on a computer. They were asking questions about it in the chapter tests and I could not make sense of it. Anyway, I'm now certified as of Thursday. Thank you. Out of curiosity, what would be trending and reporting data? Wouldn't that be false positives or negatives as reported by the manager? – Adam Outler Dec 26 '10 at 11:51
  • It's not really clear to me what the dotted lines are meant to convey. If I were to guess from context, I'd say out-of-band communication. Which would mean "trending and reporting" would consist of the Admin and Operator talking about how well the system is working. False positives and negatives would be part of that, so yea. – AltF4 Jan 04 '11 at 15:19
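The asker says they were trying to picture the IDS "as a set of functions running in a program on a computer", so here is the answer's reading of the diagram written out that way. This is an added example, not code from the question, the answer, or any real IDS product. Each block of the diagram is a class or function, and each arrow is a data type that is passed between them: several `Sensor` objects feed one `Analyzer` (the 1:n relationship in point 1), the security policy is a plain list of `Rule` values handed to the analyzer by the administrator rather than a block of its own (point 2), and `trend_report` produces the kind of aggregate data the administrator and operator would exchange (point 3). The log-line format, the two rules, and the sample lines are all constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass


# --- Data that travels along the arrows ------------------------------------

@dataclass(frozen=True)
class Event:
    """Sensor -> Analyzer arrow: one observed thing, normalised by the sensor."""
    sensor: str
    src: str
    payload: str


@dataclass(frozen=True)
class Rule:
    """One entry of the security policy: a name and a regex over the payload.
    The policy is data supplied by the administrator, not a block."""
    name: str
    pattern: str


@dataclass(frozen=True)
class Alert:
    """Analyzer -> Manager/Operator arrow."""
    rule: str
    sensor: str
    src: str


# --- Blocks ------------------------------------------------------------------

class Sensor:
    """Turns raw observations into Events. The line format is an assumption
    made up for this example (constructed: 'src=<ip> payload=<text>')."""
    LINE = re.compile(r"^src=(?P<src>\S+)\s+payload=(?P<payload>.*)$")

    def __init__(self, name, raw_lines):
        self.name = name
        self.raw_lines = raw_lines

    def events(self):
        for line in self.raw_lines:
            m = self.LINE.match(line)
            if m:  # unparseable lines are dropped, as a real sensor would do
                yield Event(self.name, m["src"], m["payload"])


class Analyzer:
    """A single analyzer; many sensors feed it, and it only knows the policy
    it was handed (compiled once so every event is matched against all rules)."""

    def __init__(self, policy):
        self.policy = [(rule, re.compile(rule.pattern)) for rule in policy]

    def analyze(self, event):
        return [Alert(rule.name, event.sensor, event.src)
                for rule, rx in self.policy if rx.search(event.payload)]


def run_ids(sensors, policy):
    """n sensors -> 1 analyzer; returns the alerts the analyzer emits."""
    analyzer = Analyzer(policy)
    alerts = []
    for sensor in sensors:
        for event in sensor.events():
            alerts.extend(analyzer.analyze(event))
    return alerts


def trend_report(alerts):
    """Aggregate view of the alerts: the sort of 'trending and reporting' data
    an administrator and operator would look at together."""
    return {
        "by_rule": dict(Counter(a.rule for a in alerts)),
        "by_sensor": dict(Counter(a.sensor for a in alerts)),
        "top_sources": Counter(a.src for a in alerts).most_common(3),
    }


# --- Constructed sample input (not real traffic) -----------------------------

ADMIN_POLICY = [
    Rule("sql-injection", r"(?i)union\s+select"),
    Rule("path-traversal", r"\.\./"),
]

DMZ_LINES = [
    "src=203.0.113.9 payload=GET /index.html",
    "src=203.0.113.9 payload=GET /item?id=1 UNION SELECT password FROM users",
    "src=198.51.100.4 payload=GET /../../etc/passwd",
    "garbage line the sensor cannot parse",
]

INTERNAL_LINES = [
    "src=10.0.0.7 payload=GET /reports/q4.pdf",
    "src=10.0.0.7 payload=GET /static/../../../../etc/shadow",
]


def demo():
    sensors = [Sensor("dmz", DMZ_LINES), Sensor("internal", INTERNAL_LINES)]
    alerts = run_ids(sensors, ADMIN_POLICY)
    return alerts, trend_report(alerts)


if __name__ == "__main__":
    alerts, report = demo()
    for alert in alerts:
        print(alert)
    print(report)
```

Running it yields three alerts (one SQL injection and two path traversals, two from the DMZ sensor and one from the internal sensor); the unparseable line is silently dropped by its sensor, which is the kind of detail a block diagram hides. Changing `ADMIN_POLICY` changes what the analyzer flags without touching any block, which is why the policy is drawn as an input arrow rather than a box.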