IDS and IPS Transcription

Welcome to our Network Intrusion Detection and Prevention Systems Module. An intrusion detection system, or IDS, is like a burglar alarm system for your network. It will monitor your system or network for potentially malicious traffic in real time. The system will then alert an administrator to notify them that the network is being used in some way that is out of compliance with your organization's policy.

It is important to remember an IDS will monitor intrusions, but will not stop an intrusion from occurring. An intrusion is either an attempt to access your system or network by an unauthorized individual, or an attempt to disrupt your operations by sending malware or using a denial of service attack.

It is always best to stop the attacker when they first enter your system, before they can spread further throughout your network or systems. A network intrusion prevention system, or IPS, is also responsible for monitoring your network. But it can take actions to combat an attack without intervention from a user.

It can configure a firewall to block the IP address of an intruder, launch a program to handle the event, save the packets in a file so that you can analyze that data later, or terminate the TCP session by generating a TCP FIN packet to force a connection to terminate.

An IDS or IPS is able to alert your administrators by either sending an alert to an administrative console, or by sending an email message, a page, or a cellphone message. The administrator will be your first responder, who will then decide if this is an incident that requires further action, or perhaps a false positive that does not require any follow-up.

You should remember for the CISSP examination that a network intrusion prevention system will stop an attack from occurring, whereas an intrusion detection system will simply log the fact that an attack has occurred, and notify the administrators. Here we can take a look at a sample network that uses intrusion detection and prevention technology.

We have host-based intrusion detection systems and intrusion prevention systems, which are software installed on our servers and our client computers in order to prevent intrusions from occurring. Our switch has a sensor or mirror port which is able to collect the data from the switch and forward it to our intrusion detection system or intrusion prevention system in order to look for any malicious traffic.

We can also use an inline network IDS or IPS tap or sensor which allows it to collect data as the data moves through the network. Your intrusion prevention systems will respond to an incident in real time. And they use detection technology based on either signatures of known attacks or anomaly detection, which can detect when something is out of the ordinary.

Intrusion detection systems will typically have a console where administrators can monitor the activities and receive alerts. And you'll typically have a firewall at your perimeter, which will deny incoming traffic that is not specifically allowed by your policy. Your stateful firewalls are also able to track outgoing session information, and dynamically open ports as necessary for your internal employees who have requested data from the Internet.

The best practice is to prevent any attacks on your network, but if you are not able to prevent an attack, it is critical that you detect that an attack occurred. You can use either behavioral or anomaly-based detection, or signature or knowledge-based detection. Anomaly detection takes a look at your current system statistics and compares them to your baseline or normal activity to look for any deviations.

Signature-based detection will look at your traffic and compare it to a variety of known attack signatures, which should be updated very frequently so that your device is aware of new attacks as they become prevalent. Intrusion detection systems and intrusion prevention systems on your network are not able to examine encrypted traffic.

When you have a host-based intrusion detection or prevention system running on a computer, a server or other device, that device is able to examine encrypted traffic, since it is being decrypted at that device. And you should remember that for the CISSP examination. Only a host-based intrusion detection or prevention system can examine encrypted traffic.

You can use a log file monitor to watch your systems and performance logs for any unusual activities and notify an administrator, or a system file monitor, which can create a hash value or digital fingerprint for your system files and then regularly check them to see if they have been modified, or if perhaps a rootkit has been installed.

And Tripwire is a common tool to do this, and you can also monitor any application or program activity. These detection mechanisms are only found on host-based intrusion detection systems and not on network-based intrusion detection and prevention systems. This concludes our network intrusion detection and prevention systems module.

Thank you for watching.
