CertiGuide to Security+
Chapter 3: Infrastructure Security (Domain 3.0; 20%)

3.4  Intrusion Detection

Earlier in this section, we looked at the IDS as a component of a network. In an ideal world, every system would run flawless software (with no known or soon-to-be-discovered bugs that could be exploited), administrators would never make careless mistakes, and users... well, what can we say? Since this is the real world and not the ideal one, new security bugs are discovered daily, administrators do sometimes set permissions incorrectly, and users do load software from virus-infected diskettes. Organizations therefore need the capability to detect and respond appropriately to suspicious activity, and deploying an IDS is one way to help automate this process.

IDS Standards

Standards that apply to IDS, which you might wish to investigate, include CIDF (the Common Intrusion Detection Framework, from DARPA) and the IETF's IDWG (Intrusion Detection Working Group).

In this section we will delve into specific types and features of IDSs. There are two primary types of IDS, network based and host based; some IDSs use only one or the other, and some use both. We’ll discuss each of these types in more detail below. For SY0-101, the differences between active IDS and passive IDS are testable. Since SY0-101 was written, the term IPS (Intrusion Prevention System) has taken hold as another way to say active IDS, or, put yet another way, the blending of a firewall and an IDS.334 The question is, is it working?335 A good overview of the whole topic was done by InfoWorld,336 along with 10 evaluation and deployment tips.337

Intrusion Detection Systems

Intrusion detection systems may be network-based or host-based.
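To make the two distinctions above concrete (network-based versus host-based sensing, and passive alert-only response versus the active alert-and-block response now sold as IPS), here is an added toy example. It is not CertiGuide's code and not taken from any product; the signature rule, the failed-login threshold, the traffic records and the log lines are all constructed for the illustration.

```python
"""Added example, not part of CertiGuide: a toy illustration of the IDS
distinctions drawn above (network-based vs host-based sensors, and passive
alert-only vs active alert-and-block response, the latter now called IPS).
Every rule, threshold and sample event below is constructed for the example."""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Alert:
    sensor: str   # "network" or "host"
    rule: str     # name of the signature or threshold rule that fired
    source: str   # offending IP (network sensor) or account (host sensor)
    action: str   # "alerted" in passive mode, "blocked" in active mode


# Network-based sensor input: (src_ip, dst_ip, dst_port, payload) records.
# Constructed sample traffic; the second record carries a path-traversal string.
NETWORK_EVENTS = [
    ("10.0.0.5", "192.168.1.10", 80, "GET /index.html HTTP/1.1"),
    ("10.0.0.7", "192.168.1.10", 80, "GET /cgi-bin/../../etc/passwd HTTP/1.0"),
    ("10.0.0.7", "192.168.1.10", 22, ""),
    ("10.0.0.9", "192.168.1.10", 80, "GET /about.html HTTP/1.1"),
]

# Constructed signature rule: name -> predicate over one traffic record.
NETWORK_RULES = {
    "web-path-traversal": lambda ev: "../" in ev[3],
}


def network_sensor(events, active=False):
    """Run signatures over traffic records.

    Returns (alerts, blocked_sources, dropped_count).  A passive IDS only raises
    alerts; an active IDS (IPS) also puts the source on a block list, so its
    later traffic is dropped without inspection, as a firewall rule would do.
    """
    alerts, blocked, dropped = [], set(), 0
    for ev in events:
        src = ev[0]
        if src in blocked:
            dropped += 1
            continue
        for name, matches in NETWORK_RULES.items():
            if matches(ev):
                action = "blocked" if active else "alerted"
                alerts.append(Alert("network", name, src, action))
                if active:
                    blocked.add(src)
    return alerts, blocked, dropped


# Host-based sensor input: constructed syslog-style lines from one server.
HOST_LOG = [
    "sshd[101]: Failed password for bob from 10.0.0.7 port 5001",
    "sshd[102]: Failed password for bob from 10.0.0.7 port 5002",
    "sshd[103]: Failed password for bob from 10.0.0.7 port 5003",
    "sshd[104]: Accepted password for alice from 10.0.0.5 port 5100",
    "sshd[105]: Failed password for bob from 10.0.0.7 port 5004",
]
FAILED_LOGIN_THRESHOLD = 3   # constructed threshold for the example


def host_sensor(log_lines, active=False):
    """Count failed logins per account from the host's own log.

    Returns (alerts, locked_accounts).  Passive mode alerts once when the
    threshold is reached; active mode additionally locks the account so that
    further attempts are ignored.
    """
    alerts, locked = [], set()
    failures = Counter()
    marker = "Failed password for "
    for line in log_lines:
        if marker not in line:
            continue
        user = line.split(marker, 1)[1].split()[0]
        if user in locked:
            continue
        failures[user] += 1
        if failures[user] == FAILED_LOGIN_THRESHOLD:
            action = "blocked" if active else "alerted"
            alerts.append(Alert("host", "brute-force-login", user, action))
            if active:
                locked.add(user)
    return alerts, locked


def run_both(active=False):
    """Combine both sensor types, as an IDS that uses network and host data would."""
    net_alerts, _, _ = network_sensor(NETWORK_EVENTS, active)
    host_alerts, _ = host_sensor(HOST_LOG, active)
    return [(a.sensor, a.rule, a.source, a.action) for a in net_alerts + host_alerts]


if __name__ == "__main__":
    for mode in (False, True):
        print("active" if mode else "passive", run_both(active=mode))
```

Running it in both modes shows the practical trade-off the text hints at: the same two detections fire either way, but only in active mode does the third record from 10.0.0.7 get dropped unseen and the account get locked, which is exactly why an IPS that fires on a false positive can cause an outage where a passive IDS would only have raised an alert.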
 __________________

334. http://www.securityfocus.com/infocus/1670

335. http://www.infoworld.com/article/03/04/04/14ips_1.html

336. http://www.infoworld.com/article/04/03/12/11FEids_1.html

337. http://www.infoworld.com/article/04/03/12/11FEidstips_1.html


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.