Please explain NIDS in a little more depth. Also, who poses a
threat to a business's physical and environmental security? Which
do you think would be a bigger threat, people inside or outside of
the organization? Why?
(Please Text format, no pictures or hand written).
---> A network-based intrusion detection system (NIDS) detects malicious traffic on a network. NIDS usually require promiscuous network access in order to analyze all traffic, including all unicast traffic.
---> NIDS are passive devices that do not interfere with the traffic they monitor.
---> The NIDS sniffs the internal interface of the firewall in read-only mode and sends alerts to a NIDS Management server via a different (i.e., read/write) network interface.
---> Network-based intrusion detection systems (NIDS) are devices intelligently distributed within networks that passively inspect traffic traversing the devices on which they sit.
---> NIDS can be hardware or software-based systems and, depending on the manufacturer of the system, can attach to various network mediums such as Ethernet, FDDI, and others.
---> Oftentimes, NIDS have two network interfaces. One is used for listening to network conversations in promiscuous mode and the other is used for control and reporting.
---> With the advent of switching, which isolates unicast conversations to ingress and egress switch ports, network infrastructure vendors have devised port-mirroring techniques to replicate all network traffic to the NIDS.
---> There are other means of supplying traffic to the IDS such as network taps. Cisco uses Switched Port Analyzer (SPAN) functionality to facilitate this capability on their network devices and, in some network equipment, includes NIDS components directly within the switch.
---> While there are many NIDS vendors, all systems tend to function in one of two ways.
NIDS are either signature-based or anomaly-based systems. Both are mechanisms that separate benign traffic from its malicious brethren.
---> Potential issues with NIDS include high-speed network data overload, tuning difficulties, encryption, and signature development lag time.
---> Security is very important to organizations and their
infrastructures, and physical security is no exception. Hacking is
not the only way information and its related systems can be
compromised.
---> Physical security encompasses a different set of threats, vulnerabilities, and risks than the other types of security we have addressed so far.
---> Physical security mechanisms include site design and layout, environmental components, emergency response readiness, training, access control, intrusion detection, and power and fire protection. Physical security mechanisms protect people, data, equipment, systems, facilities, and a long list of company assets.
---> Physical security has a different set of vulnerabilities, threats, and countermeasures from that of computer and information security.
The threats that an organization faces fall into many different categories.
* Natural environmental threats: Floods, earthquakes, storms and tornadoes, fires, extreme temperature conditions, and so forth.
* Supply System Threats
* Manmade threats
* Politically motivated threats
---> Environmental security is the state of human-environment dynamics that includes restoration of the environment damaged by military actions, and amelioration of resource scarcities, environmental degradation, and biological threats that could lead to social disorder and conflict.
---> More companies are taking notice of the risks that insiders can pose to the company's data security today than in the past. Historically, the data breaches that make the news are typically carried out by outsiders.
---> While these breaches can cost hundreds of thousands of dollars (often millions more), outsider threats are generally the threats that have been addressed with traditional security measures.
---> It's the threats that originate from inside that are much more difficult to prevent and detect using one-size-fits-all security measures.
---> Just one of the reasons that insider threats are more difficult to prevent stems from the fact that insiders don't always threaten the company's data security intentionally.
---> In fact, many data breaches resulting from insider threats are completely unintentional.
---> To combat these risks, as well as the insider threats originating from those who do have malicious intent, a holistic approach to security is essential in the modern threat landscape – one that adequately addresses not only insider and outsider threats, but effectively manages both unintentional and intentional threats posed by those within your organization.
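The signature-based and anomaly-based approaches named in the NIDS part of the answer, shown side by side as an added example that is not part of the original answer. The signature names and patterns, the baseline, the threshold factor `k`, and the traffic records are all constructed assumptions for illustration.

```python
# Added example: the two NIDS detection approaches on constructed traffic.
import statistics

# Hypothetical signatures: name -> byte pattern searched for in the payload.
SIGNATURES = {
    "path-traversal": b"../../",
    "sql-union-select": b"UNION SELECT",
}

def signature_alerts(packets):
    """Signature-based: alert when a payload contains a known-bad pattern."""
    alerts = []
    for pkt in packets:
        for name, pattern in SIGNATURES.items():
            if pattern in pkt["payload"]:
                alerts.append((pkt["src"], name))
    return alerts

def anomaly_alerts(baseline_counts, packets, k=3.0):
    """Anomaly-based: alert when a source contacts far more distinct
    destination ports than the learned baseline (mean + k * stdev)."""
    threshold = statistics.mean(baseline_counts) + k * statistics.pstdev(baseline_counts)
    ports_by_src = {}
    for pkt in packets:
        ports_by_src.setdefault(pkt["src"], set()).add(pkt["dport"])
    return sorted(src for src, ports in ports_by_src.items() if len(ports) > threshold)

# Constructed sample data (documentation address ranges, not real traffic).
BASELINE = [2, 3, 2, 4, 3, 2, 3]  # distinct ports per host per window, normal period
PACKETS = [
    {"src": "192.0.2.10", "dport": 80, "payload": b"GET /index.html HTTP/1.1"},
    {"src": "192.0.2.11", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.1"},
    {"src": "192.0.2.12", "dport": 443, "payload": b""},
] + [
    # One host touching 20 ports with empty payloads: no signature matches.
    {"src": "198.51.100.7", "dport": p, "payload": b""} for p in range(20, 40)
]

if __name__ == "__main__":
    print("signature:", signature_alerts(PACKETS))
    print("anomaly:  ", anomaly_alerts(BASELINE, PACKETS))
```

Each detector flags a host the other misses: the known pattern is caught only by the signature check, and the many-port host with empty payloads only by the baseline comparison.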