CISC 6680 Lecture Notes - Lecture 3: Intrusion Detection System, Critical System, Network Monitoring


Document Summary

Intrusion detection theory: Firewalls & AV are traditional protection methods, but will fail to protect networks the majority of the time as attacks become more sophisticated. An IDS is only as good as its rule set & signatures: the rule set & signatures are the intelligence behind the IDS. An important part of IDS product evaluation is the company's ability to write signatures for the latest threats. The ability to add your own intelligence is key for an IDS product b/c attack methods may be unique to your environment. It is important to have an IDS product that has false positive tuning.

Intrusion detection types: 2 major implementation types: NIDS (network intrusion detection system) & HIDS (host intrusion detection system). A combo of both is the ideal deployment situation. NIDS is great for data center & desktops, while HIDS is designed for laptops. The ideal location is a choke point (area where inbound & outbound traffic is traversing). SPAN port deployment: a SPAN port is a configuration performed on a switch/firewall that sends a copy of all data being transmitted through the device out a specific port.
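An added example, not part of the lecture notes, showing the three points about rule sets in one place: vendor signatures, a signature written for the local environment, and a false positive tuning entry. The signature IDs, patterns, addresses and the `inspect` function are assumptions constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: str   # regex applied to the observed payload
    origin: str    # "vendor" = shipped with the product, "local" = own intelligence

# Constructed rule set: one vendor-style signature, one environment-specific one.
SIGNATURES = [
    Signature(1001, "Path traversal in URI", r"\.\./\.\./", "vendor"),
    Signature(9001, "Request to internal admin path", r"^GET /intranet-admin/", "local"),
]

# False positive tuning: (sid, source network, reason). A suppressed hit is
# still recorded so the tuning decision can be reviewed later.
SUPPRESSIONS = [
    (1001, ipaddress.ip_network("10.0.5.0/24"), "authorized vulnerability scanner"),
]

# Constructed sample traffic as (source IP, first line of the request).
EVENTS = [
    ("203.0.113.7", "GET /../../etc/passwd HTTP/1.1"),
    ("10.0.5.20", "GET /../../etc/passwd HTTP/1.1"),
    ("198.51.100.9", "GET /intranet-admin/users HTTP/1.1"),
    ("192.0.2.44", "GET /index.html HTTP/1.1"),
]

def inspect(events, signatures=SIGNATURES, suppressions=SUPPRESSIONS):
    """Return (alerts, suppressed), each a list of (sid, source IP) tuples."""
    alerts, suppressed = [], []
    for src, payload in events:
        ip = ipaddress.ip_address(src)
        for sig in signatures:
            if not re.search(sig.pattern, payload):
                continue
            tuned = any(sid == sig.sid and ip in net for sid, net, _ in suppressions)
            (suppressed if tuned else alerts).append((sig.sid, src))
    return alerts, suppressed

if __name__ == "__main__":
    alerts, suppressed = inspect(EVENTS)
    print("alerts:", alerts)
    print("suppressed:", suppressed)
```

Without the local signature the request to the internal admin path produces no alert, and without the suppression the scanner traffic raises the same alert as the external source.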
