3.4 Intrusion Detection
Earlier in this section, we looked at the IDS as a component of a network. In an ideal world, every system would run flawless software (with no known or soon-to-be-discovered bugs that can be exploited), administrators would never make careless mistakes, and users... well, what can we say? Since this is the real world, not the ideal world, new security bugs are discovered daily, administrators do sometimes set permissions incorrectly, and users load software from virus-infected diskettes. Thus, organizations need the capability to detect and respond appropriately to suspicious activity, and deploying an IDS is one way to help automate this process.
Standards that apply to IDS, which you might wish to investigate, include CIDF (Common Intrusion Detection Framework, by DARPA) and IDWG (ID Working Group by IETF).
In this section we will delve into specific types and features of IDSs. There are two primary types of IDS: network-based and host-based. Some IDSs make use of only one or the other, and some make use of both. We'll discuss each of these types of IDS in more detail below. For SY0-101, the differences between active IDS and passive IDS are testable. In the world since SY0-101 was written, the term IPS (Intrusion Prevention System) has taken hold as another way to say "active IDS" or, put yet another way, the blending of a firewall and an IDS.[334] The question is, is it working?[335] A good overview of the whole topic was done by InfoWorld,[336] along with 10 evaluation and deployment tips.[337]
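To make the two distinctions above concrete (network-based vs. host-based sensors, and passive IDS vs. active IDS/IPS), here is an added example that is not part of CertiGuide or any IDS product. It is a minimal signature-based engine: the same core is fed either constructed network flow records or constructed host log lines, and a single `active` flag decides whether a match only raises an alert (passive IDS) or also adds the source to a simulated firewall deny list (active IDS, i.e. the firewall half of an IPS). The signatures, thresholds, addresses and log lines are all constructed for illustration.

```python
"""
Added example (not from CertiGuide): a minimal signature-based IDS showing
  - network-based vs host-based input (flow records vs host log lines), and
  - passive vs active response (alert only vs alert + simulated firewall block).
All events, signatures and thresholds below are constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed flow records, as a network-based sensor on a span port would see them.
NETWORK_EVENTS = [
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80,
     "payload": "GET /index.html HTTP/1.1"},
    {"src": "203.0.113.9", "dst": "192.0.2.10", "dport": 80,
     "payload": "GET /cgi-bin/../../etc/passwd HTTP/1.1"},
    {"src": "198.51.100.4", "dst": "192.0.2.10", "dport": 443,
     "payload": "TLS ClientHello"},
]

# Constructed syslog lines, as a host-based sensor on the server itself would read them.
HOST_EVENTS = [
    "sshd[4120]: Failed password for root from 203.0.113.77 port 51022",
    "sshd[4120]: Failed password for root from 203.0.113.77 port 51023",
    "sshd[4120]: Failed password for root from 203.0.113.77 port 51024",
    "sshd[4120]: Failed password for root from 203.0.113.77 port 51025",
    "sshd[4131]: Accepted publickey for alice from 192.0.2.55 port 40112",
]

# Constructed network signature: directory traversal sequence in an HTTP request.
PATH_TRAVERSAL = re.compile(r"\.\./")
# Constructed host signature: repeated failed logins from one source address.
FAILED_LOGIN = re.compile(r"Failed password .* from (\S+) port")
FAILED_LOGIN_THRESHOLD = 3


@dataclass
class Alert:
    sensor: str   # "network" or "host"
    source: str   # offending address
    reason: str


@dataclass
class IDS:
    active: bool = False                         # False = passive IDS, True = active IDS / IPS
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)    # simulated firewall deny list

    def _respond(self, alert: Alert) -> None:
        """Passive: record the alert. Active: also block the source."""
        self.alerts.append(alert)
        if self.active:
            self.blocked.add(alert.source)

    def inspect_network(self, events) -> None:
        """Network-based detection: match signatures against packet payloads."""
        for ev in events:
            if PATH_TRAVERSAL.search(ev["payload"]):
                self._respond(Alert("network", ev["src"],
                                    f"path traversal in request to port {ev['dport']}"))

    def inspect_host(self, lines) -> None:
        """Host-based detection: count failed logins per source in local logs."""
        failures = Counter()
        for line in lines:
            m = FAILED_LOGIN.search(line)
            if m:
                src = m.group(1)
                failures[src] += 1
                if failures[src] == FAILED_LOGIN_THRESHOLD:   # alert once, at the threshold
                    self._respond(Alert("host", src,
                                        f"{FAILED_LOGIN_THRESHOLD} failed logins"))


def run(active: bool) -> IDS:
    """Run both sensors over the constructed data in passive or active mode."""
    ids = IDS(active=active)
    ids.inspect_network(NETWORK_EVENTS)
    ids.inspect_host(HOST_EVENTS)
    return ids


if __name__ == "__main__":
    for mode in (False, True):
        result = run(mode)
        print("active" if mode else "passive",
              [a.reason for a in result.alerts], sorted(result.blocked))
```

Running it shows the point the exam item is after: both modes produce the same two alerts, but only the active run ends with the two source addresses on the deny list. The host sensor alerts once when the threshold is reached rather than on every further failure, which is the usual way to keep a threshold signature from flooding the console.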
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.