Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.4  Intrusion Detection
           9  3.4.1  Network Based

Previous Topic/Section
3.4.1  Network Based
Previous Page
Pages in Current Topic/Section
1
Next Page
 3.4.1.2  Passive Detection
Next Topic/Section

3.4.1.1  Active Detection

NIDS are increasingly focusing on active detection. This does not refer to how the NIDS detects potential problems, as you might expect. Instead it refers to how the NIDS responds to the situation once it is detected. (Sorry folks, this is the industry standard terminology. We didn’t create it.) With active detection, the NIDS takes some action to mitigate the detected threat. Such options can include:

  • Reconfigure a firewall or router to route traffic around a problem such as a DoS attack

  • Break suspicious network connections

  • Send a message to a host-based agent to shut down a vulnerable service on a particular host

  • Attempt to collect more information about the intrusion

Active NIDS

With Active Detection, a NIDS actively attempts to perform “damage control” on a detected intrusion attempt.

Actions taken as part of active detection can include reconfiguring a router to route around a network problem like a DoS attack, breaking suspicious network connections, shutting down services to minimize vulnerability, or collecting more information about the intrusion.



Previous Topic/Section
3.4.1  Network Based
Previous Page
Pages in Current Topic/Section
1
Next Page
 3.4.1.2  Passive Detection
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.