Reply to discussions

sinister670
Homework003.docx

Reply to two discussions, ½ each, APA format.

1st Discussion

What is IDs and what is IPs?

Well, IDS was kind of the origination of the intrusion detection system, and historically they were signature-based, meaning it would look for certain types of data, data payloads, and data packets. It would watch all the traffic in the network that it had visibility into and make decisions as to whether this is good traffic or bad traffic, then it would alert you through either a console or some other alerting mechanism like Syslog or something like that. And, to look at this traffic that could be malicious, as you can imagine, a device on the network seeing hundreds, thousands, millions of packets, evaluating them and then sending alerts to a human to take action on isn't very real-time.

So, the next evolution of that was IPS, which is an intrusion prevention system. So instead of just detecting and saying "this looks bad," it would do its best to say "this looks bad and I'm going to stop it." IPS would make decisions based on signatures in real time to block traffic. The good side of this is that you're potentially blocking malicious traffic in your environment; the bad side is that if it thought something was malicious that really wasn't, you're potentially causing a negative impact on your network environment, so things like applications may not be working. Why would you use IDS or IPS? Well, maybe you're regulated by some agency, or maybe you want to have best-in-class security, so you enable these types of tools to tell you more about what's happening throughout your network.

With all of our technology around AI and machine learning, we know that this type of security is going there as well. Companies like ExtraHop and Darktrace are working towards that, so they look at the network and make decisions based on deep learning as opposed to signatures to determine what's normal and what's not normal, and make decisions from there. So it's a little bit more intelligent in the way that it reports issues and potentially can prevent threats (Intrusion Detection and Prevention Systems (IDS/ IPS) | Security Basics, 2018).

Intrusion Detection and Prevention Systems (IDS/ IPS) | Security Basics. (2018). [Video]. Retrieved from https://www.youtube.com/watch?v=cGIgJOICpX0

2nd Discussion

This discussion board will be a continuation of the one I posted in week 05 where I talked about what an Intrusion Detection System was and discussed the major differences between an Intrusion Detection System and an Intrusion Prevention System.

Chapter 5 of our textbook went into great detail discussing all of the various types of Intrusion Detection Systems and describes it as being different from a firewall because it is designed to detect a security breach. As I mentioned a few weeks ago, an Intrusion Detection System is just as its name sounds, it detects anomalies and will report on those anomalies as long as it is configured properly, or is a statistical anomaly-based IDS, which can learn what is normal behavior on the network and then alarm when it sees something abnormal. Regardless of the type of Intrusion Detection System you may have, it still takes no action. Don’t get me wrong, it’s a wonderful tool to have in possibly preventing something potentially catastrophic because it can be identified early enough and alert the right folks to take action, but that is the extent of an Intrusion Detection System.

Intrusion Prevention Systems, on the other hand, do what their name suggests: they prevent intrusions. The premise behind an Intrusion Prevention System was to fill a frustrating void that the Intrusion Detection System had left, and that was to not only identify a potential threat, but to not allow that traffic through. Intrusion Prevention Systems have similar features to Intrusion Detection Systems in that they can be host-based or network-based, and they can also be content-based and determine what is and is not malicious based upon analysis or signatures. While neither solution is an end-all, be-all solution, they add an extra layer of defense to your network.

References

Cooper, S. (2019, February 27). 2019 Best Intrusion Detection Systems (10+ IDS Tools Reviewed). Retrieved from https://www.comparitech.com/net-admin/network-intrusion-detection-tools/

Maymi, F., & Harris, S. (2018). CISSP All-In-One Exam Guide, Eighth Edition (8th ed.). McGraw-Hill Education.

pp_pankaj. (2019, April 8). Intrusion Detection System (IDS). Retrieved from https://www.geeksforgeeks.org/intrusion-detection-system-ids/

What is an Intrusion Detection System? (n.d.). Retrieved from https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids
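Both discussions above describe the same three ideas: signature matching on packet payloads, a statistical anomaly baseline that learns what is "normal", and the IDS (alert only) versus IPS (alert and block) trade-off in which a false positive in IPS mode disrupts legitimate traffic. The Python sketch below is an added illustration of those ideas, not code from either post or from any product named on this page; the signatures, addresses, per-window packet rates and packets are constructed placeholders.

```python
from collections import namedtuple
from statistics import mean, pstdev

Packet = namedtuple("Packet", "src dst_port payload")

# Constructed signatures (name, byte pattern): placeholders, not real vendor rules.
SIGNATURES = [("constructed-beacon-marker", b"BEACON-XYZ"),
              ("constructed-exploit-marker", b"EXPLOIT-ABC")]

def signature_match(pkt):
    """Signature-based check: names of every pattern found in the payload."""
    return [name for name, pat in SIGNATURES if pat in pkt.payload]

class RateBaseline:
    """Statistical anomaly check: learn packets-per-window, flag z-score outliers."""
    def __init__(self, z_threshold=3.0):
        self.z, self.history = z_threshold, []
    def train(self, window_counts):
        self.history.extend(window_counts)  # "normal" behaviour seen while learning
    def is_anomalous(self, count):
        mu, sigma = mean(self.history), pstdev(self.history)
        return count != mu if sigma == 0 else (count - mu) / sigma > self.z

def process(packets, baseline, counts, mode="ids"):
    """mode='ids' only alerts; mode='ips' also drops any packet with a hit.
    Returns (alerts, forwarded) so a false positive's cost in IPS mode is visible."""
    alerts, forwarded = [], []
    for pkt in packets:
        hits = signature_match(pkt)
        if baseline.is_anomalous(counts.get(pkt.src, 0)):
            hits.append("rate-anomaly")
        alerts.extend(f"{h} src={pkt.src} dport={pkt.dst_port}" for h in hits)
        if mode == "ips" and hits:
            continue            # prevention: blocked, never forwarded
        forwarded.append(pkt)   # detection only: traffic always passes
    return alerts, forwarded

# Constructed sample traffic. The third packet is benign text that merely
# mentions a signature string, so in 'ips' mode it is wrongly blocked.
PACKETS = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.9", 80, b"POST /c2 BEACON-XYZ id=42"),
    Packet("10.0.0.7", 443, b"POST /blog body=How we spotted the BEACON-XYZ marker"),
]
COUNTS = {"10.0.0.5": 12, "10.0.0.9": 400, "10.0.0.7": 11}  # packets this window

def demo(mode):
    baseline = RateBaseline()
    baseline.train([10, 12, 11, 9, 13, 12, 10, 11])  # constructed normal rates
    return process(PACKETS, baseline, COUNTS, mode)
```

Running `demo("ids")` raises three alerts and forwards all three packets, while `demo("ips")` raises the same three alerts but forwards only the first packet, dropping the legitimate blog post along with the beaconing host.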