401 Reading 14 - marsecguy/reading-notes-cyberops GitHub Wiki

Intrusion Detection Systems (IDS)

  1. List 2 differences between firewalls and an IDS.

    • A firewall is designed to prevent intrusions, while an IDS is not. It is designed to detect intrusions.
    • Firewalls are proactive in nature, actively trying to block harmful traffic. An IDS is passive in nature, monitoring traffic and alerting if something gets through.
  2. Under what circumstances would you choose a network-based IDS over a host-based IDS?

    • With a large network, where installing, updating and maintaining a HIDS on each individual host would be cost-prohibitive
    • In a regulated industry where compliance inspections are a bigger issue
  3. Name 3 major drawbacks of a NIDS.

    • Does not prevent or stop an attack
    • Frequent false positives
    • Source IP addresses in packets can be spoofed
    • Requires continuous updates
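The following Python script is an added illustration of the firewall vs. IDS distinction and of the false-positive drawback; it is not from these notes or from Rapid7. The rules, packets, field names and function names are all constructed for the example. Both functions apply the same signature rules to the same traffic: the firewall drops matches inline, while the IDS forwards everything and only raises alerts. The third packet is benign but contains a byte sequence that matches a rule, so the firewall blocks legitimate traffic while the IDS merely produces an alert an analyst has to triage.

```python
"""Toy inline firewall vs. passive IDS over one constructed packet stream.

Added illustration for these notes; not from Rapid7 or any real product.
Rules, packets and names below are constructed for the example.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Rule:
    name: str
    dport: int      # match only on this destination port
    pattern: bytes  # byte signature that must appear in the payload


@dataclass
class Alert:
    rule: str
    packet: Packet


def matches(rule: Rule, pkt: Packet) -> bool:
    """A signature match: right destination port and the pattern is in the payload."""
    return pkt.dport == rule.dport and rule.pattern in pkt.payload


def firewall(packets: List[Packet], rules: List[Rule]) -> Tuple[List[Packet], List[Packet]]:
    """Inline and proactive: a matching packet is dropped and never forwarded."""
    forwarded, dropped = [], []
    for pkt in packets:
        if any(matches(r, pkt) for r in rules):
            dropped.append(pkt)
        else:
            forwarded.append(pkt)
    return forwarded, dropped


def ids(packets: List[Packet], rules: List[Rule]) -> Tuple[List[Packet], List[Alert]]:
    """Passive: every packet is forwarded unchanged; matches only raise alerts."""
    alerts = []
    for pkt in packets:
        for r in rules:
            if matches(r, pkt):
                alerts.append(Alert(r.name, pkt))
    return list(packets), alerts


# Constructed rules: a directory-traversal string and a SQL comment sequence on HTTP.
RULES = [
    Rule("path-traversal", 80, b"../"),
    Rule("sql-comment", 80, b"--"),
]

# Constructed traffic. Packet 3 is benign (a note quoting a CLI flag) but still
# contains "--", so signature matching flags it: a false positive. Packet 4 also
# contains "--" but is on port 25, outside the rule's scope, so it is not matched.
PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "10.0.0.80", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.9", "10.0.0.80", 80, b"POST /notes body=run it with --verbose"),
    Packet("10.0.0.9", "10.0.0.25", 25, b"MAIL FROM:<a@example.test> -- hi"),
]


def compare(packets: List[Packet] = PACKETS, rules: List[Rule] = RULES) -> dict:
    """Run both devices over the same stream and summarise what each did."""
    fw_forwarded, fw_dropped = firewall(packets, rules)
    ids_forwarded, alerts = ids(packets, rules)
    return {
        "firewall_forwarded": len(fw_forwarded),
        "firewall_dropped": len(fw_dropped),
        "ids_forwarded": len(ids_forwarded),
        "ids_alerts": [a.rule for a in alerts],
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Running the script shows the firewall forwarding 2 packets and dropping 2 (one of them the benign false positive), while the IDS forwards all 4 and raises 2 alerts. The same rule set that is merely noisy on a passive sensor becomes an availability problem on an inline device, which is why tuning for false positives matters more the closer a signature sits to the blocking path.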

Source: Rapid7