Q: What are the principles of IDS/IPS and how can they be bypassed?
A: IDS/IPS systems combine three main detection methods to identify and prevent threats:
- Static Detection (Signature-Based): Compares network traffic against a database of known attack signatures.
- Dynamic Detection (Anomaly-Based): Simulates the execution of code to see if it exhibits malicious behaviour.
- Behavioural Analysis: Monitors network behaviour over time to detect deviations from normal patterns.
Methods to Bypass IDS/IPS:
- Network Obfuscation: Spoofing IP addresses or using network infrastructure to hide the source of an attack.
- Packet Fragmentation: Splitting malicious payloads into smaller packets to avoid signature detection.
- Special Character Encoding: Using uncommon characters or encoding to obfuscate malicious code.
- Encryption: Encrypting the payload to prevent the IDS/IPS from inspecting its contents.