IDS, IPS:
An intrusion detection system (IDS) is a monitoring system, whereas an intrusion prevention system (IPS) is a control system. An IDS continuously monitors network traffic for suspicious activity and alerts the administrator when it finds any, whereas an IPS acts on suspicious activity with the aim of preventing it from reaching the targeted system.
An IDS compares network traffic against known threats, and someone is needed to analyse the results and take the necessary actions. An IPS can detect and act by itself. Unlike an IPS, an IDS is passive/offline, so traffic does not have to flow through it.
https://www.upguard.com/blog/ids-vs-ips
Limitations:
An IDS/IPS sensor failure can allow abnormal or intrusive traffic to bypass network security and then cause severe attacks.
Cannot protect against weak authentication: if an attacker gains access because of a weak password, the IDS will not be able to detect such abnormalities.
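The passive/inline difference and the two limitations above, shown as an added example that is not part of the original notes. The signatures, addresses and traffic are constructed, and a failed sensor is assumed to fail open (traffic passes uninspected).

```python
import re

# Constructed signature set: name -> pattern over the payload (illustrative only).
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)union\s+select"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

# Constructed sample traffic: (source, payload).
TRAFFIC = [
    ("10.0.0.5", "GET /index.html"),
    ("203.0.113.9", "GET /item?id=1 UNION SELECT user,pass FROM accounts"),
    ("203.0.113.9", "GET /static/../../etc/passwd"),
    ("198.51.100.7", "POST /login user=admin password=admin"),  # valid but weak login
]

def match(payload):
    """Return the name of the first signature the payload matches, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return name
    return None

def run_sensor(traffic, mode, sensor_up=True):
    """Process traffic as an 'ids' (passive copy) or 'ips' (inline) sensor.

    Returns (delivered, alerts): packets that reach the target, and alerts raised.
    Assumption: a failed sensor fails open, so traffic passes uninspected.
    """
    delivered, alerts = [], []
    for src, payload in traffic:
        hit = match(payload) if sensor_up else None
        if hit:
            alerts.append((src, hit))
            if mode == "ips":
                continue  # inline sensor drops the packet before the target
        delivered.append((src, payload))  # an IDS is never in the forwarding path
    return delivered, alerts

if __name__ == "__main__":
    for mode, up in (("ids", True), ("ips", True), ("ips", False)):
        delivered, alerts = run_sensor(TRAFFIC, mode, up)
        print(f"{mode} sensor_up={up}: delivered={len(delivered)} alerts={alerts}")
```

In both working modes the weak-password login is delivered without an alert, because a valid login matches no signature.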
Use of IPsec: IPsec encrypts and authenticates all network traffic. Any suspicious traffic will be prevented.
IDS/IPS: An IDS and IPS must be placed in our network to continuously monitor and analyse the network traffic. If anything suspicious is detected, it will alert the administrator so that mitigation measures can be implemented.
Examples of Zero-day exploit:
https://guardiandigital.com/blog/zero-day-attack
IPS and IDS can be deployed as a sensor in a router, as security appliances dedicated to providing IDS/IPS services, or as host software on client computers and servers.
Selecting a firewall for any company needs to address the company's characteristics. The common firewall implementation and design should address:
Suitability,
Flexibility,
Training,
Need,
Risk,
Cost.
Features
Testing Smoothwall
Troubleshooting
Openswan
http://techgenix.com/microsoft-directaccess-overview/
Lecture 9: Network Security and Threats.
Case studies:
Identify assets:
Identify threats:
Malicious attack
System failure
Worms, viruses
Identify vulnerabilities:
Recommend solutions:
Before implementing a measure, it is important to calculate the cost of implementation and the benefits of implementation. If the implementation cost exceeds the benefits, then it is better to accept the risks.
Risk matrix: