Unit 8: Intrusion Detection and Prevention Systems
Even though networks and hosts have security methods in place, hackers continue to attempt to intrude upon systems and sometimes succeed in gaining access. Intrusion detection systems (IDS) are used to track these attempts or intrusions and can stop an intruder from gaining access to information, thereby keeping the information secure. This unit will discuss the different types of intrusion detection and intrusion prevention systems and will differentiate between network-based intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Tools for system information and event management (SIEM), such as scanners, network scanners, and web applications, are also discussed.
Completing this unit should take you approximately 4 hours.
8.1: Intrusion Detection Systems (IDS)
8.2: Network Intrusion Detection Systems (NIDS)
As you learned in the previous section, intrusion detection does not prevent intrusions but detects and logs intrusions. This section will focus on network intrusion detection systems (NIDS), and the next section will discuss host-based detection systems (HIDS).
8.3: Host-based Intrusion Detection Systems (HIDS)
The previous section focused on network intrusion detection systems (NIDS). This section will go into more detail about host-based intrusion detection systems (HIDS). There is a difference between the two tools, but in essence they both have the same goal: to detect system intrusions. Notice how HIDS differs from NIDS.
8.4: Intrusion Prevention Systems (IPS)
As we discussed, the previous sections defined intrusion detection but did not cover intrusion prevention. Intrusion prevention systems (IPS) detect intrusions and perform actions to prevent them. This section will describe IPS in more detail. You should notice the differences between intrusion detection systems and IPS.
8.5: System Information and Event Management (SIEM)
Security information and event management (SIEM) systems differ from intrusion detection and prevention systems in that they log, monitor, and analyze event reports. There are different types of SIEM tools, including network and web scanners. Splunk, a popular SIEM tool used by private and public organizations, is also discussed. Security professionals approve the types of detection or prevention systems that are appropriate for a system, so you should understand the appropriate use for and the differences between these tools.
Unit 8 Assessment