Intrusion Detection and Prevention Systems (IDS IPS).md - Juan-bit94/Ops401D10 GitHub Wiki
Intrusion Detection and Prevention Systems (IDS/IPS)
Why does this topic matter?
This topic matters because the implementation of Network Intrusion Detection Systems is essential for identifying and responding to threats in the network.
List 2 differences between firewalls and an IDS?
Intrusion detection systems are used to identify network activities and alert security teams about them. Firewalls actually keep potentially malicious traffic out. All in all, an IDS is a visibility tool and a firewall is a prevention tool.
Under what circumstances would you choose a network-based IDS over a host-based IDS?
I would choose a network-based IDS over a host-based IDS if I needed to monitor a large network; NIDS are great at analyzing traffic at the network layer.
NIDS are also able to provide a comprehensive view of network traffic, since they monitor data in transit, and they allow for centralized monitoring.
Name 3 major drawbacks of a NIDS?
NIDS are focused on network traffic and so will not have detailed visibility into activities occurring on individual hosts.
NIDS have a difficult time inspecting encrypted traffic. In this day and age, where encryption is used more often, a NIDS deployed in a network that encrypts its communications will have difficulty detecting malicious activity in that traffic.
NIDS (and IDS in general) are susceptible to false positives. Since a NIDS analyzes network traffic patterns and signatures, some network activities that are legitimate might be flagged as suspicious.
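To make the difference between an IDS and a firewall, and the encryption and false-positive drawbacks above, concrete, here is a toy signature-based NIDS written as an added example for this page (it is not code from the course or from any real IDS product). It assumes packets are represented as small Python objects with a cleartext or TLS-wrapped payload; the two content signatures and the four sample packets are constructed for the example and are not real Snort or Suricata rules.

```python
"""Toy signature-based NIDS: alerts on payload content but never blocks.
Added example; the signatures, packet model and sample traffic are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes
    # True when the payload is a TLS application-data record the sensor cannot read
    encrypted: bool = False


# Constructed content signatures (hypothetical, not real IDS rules).
SIGNATURES = {
    "sqli-union-select": re.compile(rb"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(rb"\.\./\.\./"),
}


def inspect(packet):
    """Return the names of signatures matching the packet's payload.

    An IDS only observes: it returns alerts and never drops the packet.
    For encrypted traffic the sensor sees ciphertext, so no content
    signature can match and the packet is silently passed."""
    if packet.encrypted:
        return []
    return [name for name, rx in SIGNATURES.items() if rx.search(packet.payload)]


def run_ids(packets):
    """Run every packet through the signatures and collect alert records."""
    alerts = []
    for p in packets:
        for name in inspect(p):
            alerts.append({"sig": name, "src": p.src, "dst": p.dst, "dport": p.dport})
    return alerts


def firewall_allows(packet, allowed_ports):
    """Contrast: a stateless firewall decides from header fields only,
    and its decision is enforced (the packet is passed or dropped).
    It never looks at the payload, so it neither sees nor cares about
    the SQL-injection string that the IDS above flags."""
    return packet.dport in allowed_ports


# Constructed sample traffic (RFC 5737 documentation address for the outsider).
SAMPLE = [
    # 1. ordinary search request: no signature matches
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /search?q=laptop HTTP/1.1"),
    # 2. injection attempt in cleartext HTTP: true positive
    Packet("198.51.100.9", "10.0.0.80", 80,
           b"GET /search?q=1' UNION SELECT user,pass FROM users-- HTTP/1.1"),
    # 3. legitimate forum post that merely talks about SQL: false positive
    Packet("10.0.0.7", "10.0.0.80", 80,
           b"POST /forum HTTP/1.1\r\n\r\nbody=How do I write a UNION SELECT query?"),
    # 4. the same attempt over HTTPS: the sensor only sees a TLS record (type 0x17),
    #    so the content signature cannot fire
    Packet("198.51.100.9", "10.0.0.443", 443,
           b"\x17\x03\x03\x00\x2a" + bytes(42), encrypted=True),
]


if __name__ == "__main__":
    for alert in run_ids(SAMPLE):
        print("ALERT", alert)
    print("firewall allows packet 2 on port 80:", firewall_allows(SAMPLE[1], {80, 443}))
```

Running the block produces two alerts, both for `sqli-union-select`: one for the real attempt from 198.51.100.9 and one for the internal user's forum post, which is the false positive. Packet 4 carries the same attempt but yields no alert because the payload is ciphertext, and the firewall check shows that a port-based firewall would pass packet 2 regardless, since blocking or allowing by header is a different job from inspecting content.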
Things I want to know more about.
I would like to know how a NIDS can integrate with a SIEM. It would be of great interest to me to see how NIDS-generated alerts contribute to a broader security monitoring environment.