Intrusion Detection and Prevention Systems (IDS IPS) - focodecided/ops401-cybersecurity GitHub Wiki
List 2 differences between a firewall and an IDS.
- A firewall enforces policy: it sits inline and allows or blocks traffic based on rules (addresses, ports, protocol, connection state). An IDS only detects and alerts on suspicious traffic; it does not block. (An IPS is the inline variant of an IDS that can drop the traffic it alerts on.)
- An IDS inspects content, not just headers, so it gives visibility into attacks that the firewall legitimately allows through (for example a web attack on port 80) and into activity inside the network perimeter
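The following is an added example, not from this wiki page or the Rapid7 article it cites, that makes the two differences concrete: a header-only packet filter that enforces, followed by a content-inspecting sensor that only alerts (or, with `inline=True`, acts as an IPS and drops). The packet records, rules and signatures are all constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


# Constructed packet records standing in for what a perimeter firewall and a
# NIDS sensor behind it would each see; not traffic from any real network.
@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# --- Firewall: decides on headers only and enforces the decision ---
FIREWALL_RULES = [
    # (action, permitted source network, destination port or None for any)
    ("allow", "0.0.0.0/0", 80),    # public web server
    ("allow", "10.0.0.0/8", 22),   # SSH only from internal address space
    ("deny", "0.0.0.0/0", None),   # default deny
]


def firewall_decision(pkt: Packet) -> str:
    """First matching rule wins; headers only, payload never looked at."""
    for action, net, port in FIREWALL_RULES:
        if ip_address(pkt.src) in ip_network(net) and (port is None or port == pkt.dport):
            return action
    return "deny"


# --- IDS: inspects payload content, and by itself only raises alerts ---
IDS_SIGNATURES = {
    "path traversal": re.compile(rb"\.\./"),
    "shell command injection": re.compile(rb"[;|`]\s*(cat|sh|bash)\b"),
}


def ids_alerts(pkt: Packet) -> list:
    """Names of every signature that matches the payload (empty if clean)."""
    return [name for name, pat in IDS_SIGNATURES.items() if pat.search(pkt.payload)]


def run_perimeter(packets, inline=False):
    """Firewall first; only what it allows reaches the sensor behind it.
    With inline=True the sensor acts as an IPS and drops signature hits."""
    results = []
    for p in packets:
        if firewall_decision(p) == "deny":
            results.append((p, "blocked by firewall", []))
            continue
        alerts = ids_alerts(p)
        if alerts and inline:
            verdict = "blocked by IPS"
        elif alerts:
            verdict = "allowed, IDS alerted"
        else:
            verdict = "allowed, no alert"
        results.append((p, verdict, alerts))
    return results


# Constructed sample flow: a telnet probe, a normal page fetch, a traversal
# attempt that is perfectly valid HTTP on an allowed port, and internal SSH.
SAMPLE = [
    Packet("203.0.113.7", "192.0.2.10", 23, b"telnet login attempt"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.1.2.3", "192.0.2.10", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]

if __name__ == "__main__":
    for pkt, verdict, alerts in run_perimeter(SAMPLE):
        print(f"{pkt.src} -> :{pkt.dport}  {verdict}  {alerts}")
```

The third packet is the one that matters: the firewall allows it because port 80 is open, so only the sensor behind the firewall notices the traversal attempt, and in IDS mode it does nothing but alert.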
Under what circumstances would you choose a network-based IDS over a host-based IDS?
- When you need to monitor a network segment rather than individual hosts
- When near-real-time detection matters: a NIDS inspects packets as they cross the wire, whereas a HIDS typically works from logs and file-integrity checks after the fact
- When detection must be independent of the hosts' operating systems (mixed environments, appliances, or devices on which no agent can be installed)
- When the cost of deploying and managing host-based agents on every system is prohibitive
Name 3 major drawbacks of a NIDS.
- Generates frequent false positives; every alert must be triaged, and a noisy sensor soon gets ignored
- Cannot inspect encrypted traffic (TLS, SSH, VPN tunnels): the sensor sees only ciphertext, so attacks carried inside encrypted sessions are invisible unless the traffic is decrypted at a termination point before it reaches the sensor
- Attackers can spoof source IP addresses to disguise where an attack comes from, so alerts may attribute activity to the wrong host and blocking the reported source does not stop the attacker
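An added example, not part of this wiki page, showing the first two drawbacks with the same style of content signature: the signature fires on the plaintext attack, fires on a benign request that merely quotes the pattern (a false positive), and finds nothing once the same attack is wrapped in encryption. The `encrypt` routine is a toy XOR keystream standing in for a TLS record layer, chosen only so the example runs offline; the key, requests and signature are all constructed.

```python
import hashlib
import re
from itertools import count

# Constructed sample requests; not captured from any real network.
ATTACK = b"GET /cgi-bin/../../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n"
BENIGN_LOOKALIKE = (
    b"POST /wiki/save HTTP/1.1\r\n\r\n"
    b"title=Paths like ../../etc/passwd are rejected by the web server"
)

# A typical content signature: traversal sequence followed by a sensitive file.
SIGNATURE = re.compile(rb"\.\./.*etc/passwd")

# Stand-in for a negotiated TLS session key (constructed, not a real key).
KEY = b"constructed-demo-session-key"


def keystream(key: bytes, nbytes: int) -> bytes:
    """Counter-mode keystream from SHA-256; toy only, used for the demo."""
    out = bytearray()
    for ctr in count():
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        if len(out) >= nbytes:
            return bytes(out[:nbytes])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream. Models what a NIDS sees of a TLS session:
    bytes with no recognisable plaintext. Decryption is the same operation.
    Not real encryption; do not reuse outside this demonstration."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def sensor_sees_attack(payload: bytes) -> bool:
    """What a signature-based sensor concludes from the bytes on the wire."""
    return SIGNATURE.search(payload) is not None


# Three things the sensor might see on the wire (constructed).
SAMPLES = [
    ("attack, plaintext HTTP", ATTACK),
    ("attack, inside TLS", encrypt(KEY, ATTACK)),
    ("benign wiki edit quoting the pattern", BENIGN_LOOKALIKE),
]


def inspect_stream(samples=SAMPLES):
    """(label, alert?) for each sample, as the sensor would report it."""
    return [(label, sensor_sees_attack(payload)) for label, payload in samples]


def inspect_after_tls_termination(key: bytes, ciphertext: bytes) -> bool:
    """The usual remedy: a TLS-terminating proxy or load balancer decrypts and
    hands the sensor plaintext, so the signature can match again."""
    return sensor_sees_attack(encrypt(key, ciphertext))


if __name__ == "__main__":
    for label, alerted in inspect_stream():
        print(f"{label:40s} alert={alerted}")
    print("after TLS termination:", inspect_after_tls_termination(KEY, encrypt(KEY, ATTACK)))
```

Expected: the plaintext attack alerts, the encrypted copy does not, the benign edit alerts anyway, and decrypting before inspection restores detection. The false positive is the tuning problem every NIDS operator lives with; the encrypted miss is an architectural limit that only a decryption point can remove.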
Source:
https://www.rapid7.com/blog/post/2017/01/11/the-pros-cons-of-intrusion-detection-systems/