It only monitors network traffic and alerts administrators of potential threats.

It automatically takes action to prevent threats after detecting them.

It blocks network access based on specific port numbers.

It encrypts data being transmitted over the network.

Encrypt network traffic between devices

Log all network traffic on a device

Control traffic based on IP addresses, ports, and protocols

Perform URL filtering on outgoing network traffic

Principle of Least Privilege

Explicit Allow

Implicit Deny

Role-Based Access Control

A segment isolated by two firewalls to separate public-facing servers from internal systems

A VLAN that restricts access to sensitive data

A subnet that provides secure encryption for traffic

A method for load balancing internal traffic

They can detect and prevent local system changes.

They analyze all network traffic for suspicious activity.

They provide more detailed reports on host-specific threats.

They are more effective at preventing local file modifications.

Matching packets against known attack signatures

Establishing a baseline of normal activity and detecting deviations

Monitoring for specific IP addresses

Filtering web traffic by URL

Signature-based detection

Anomaly-based detection

Protocol filtering

Port scanning