Describe in detail the intrusion detection and prevention measures that you will deploy in your organization. Your discussion should also include the following:
[T3.1] IDS type and why you will need it
[T3.2] IPS type and why you will need it
[T3.3] The proposal of the appropriate positions for IDS/IPS in a network topology in order to increase the security of the environment, along with providing supportive justifications of the proposed positions.
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered. While anomaly detection and reporting are the primary functions, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.
An IDS can be contrasted with an intrusion prevention system (IPS), which monitors network packets for potentially damaging network traffic, like an IDS, but has the primary goal of preventing threats once detected, as opposed to primarily detecting and recording threats.
Intrusion prevention systems come in four primary types:
The main difference between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is that IDS are monitoring systems and IPS are control systems. IDS won't alter network traffic, while IPS prevents packets from being delivered based on the contents of the packet, similar to how a firewall prevents traffic by IP address.
IDS are used to monitor networks and send alerts when suspicious activity on a system or network is detected while an IPS reacts to cyberattacks in real-time with the goal of preventing them from reaching targeted systems and networks.
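The monitoring-versus-control contrast drawn in the answer above, as an added example that is not part of the original answer: the same content signatures are run once passively (IDS) and once inline (IPS) over constructed packets. The `Packet` class, the signature names and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed signatures (hypothetical names): content matches on the payload.
SIGNATURES = {
    "path-traversal": b"../../",
    "sql-keyword-union": b"UNION SELECT",
}

def match(packet):
    """Return the names of signatures whose pattern occurs in the payload."""
    upper = packet.payload.upper()  # case-insensitive content match
    return [name for name, pat in SIGNATURES.items() if pat.upper() in upper]

def inspect(packets, inline):
    """Apply the signatures as a passive IDS (inline=False) or an inline IPS.

    Returns (delivered, alerts). The IDS only sees a copy of the traffic, so
    every packet is still delivered. The IPS sits in the forwarding path and
    drops any packet that matches, while still recording the event.
    """
    delivered, alerts = [], []
    for p in packets:
        hits = match(p)
        for name in hits:
            alerts.append(("drop" if inline else "alert", name, p.src))
        if hits and inline:
            continue  # prevention: the packet never reaches its target
        delivered.append(p)
    return delivered, alerts

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.9", 80, b"GET /item?id=1 union select 1 HTTP/1.1"),
    Packet("198.51.100.7", 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for inline in (False, True):
        delivered, alerts = inspect(TRAFFIC, inline)
        print("IPS" if inline else "IDS", "delivered:", len(delivered))
        for alert in alerts:
            print("  ", alert)
```

Both modes record the same two events; only the inline mode changes what reaches the destination, which is why a false positive costs an alert on an IDS but a dropped legitimate packet on an IPS.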