Untitled Presentation

Anomaly-based system

Protocol-based system

Signature-based system

Behavior-based system

All data received

Data matching a known virus signature

Data exceeding an established threshold

Unauthorized access attempts

To monitor asset conditions

To detect and prevent network intrusions

To manage network performance

To analyze network traffic

Attempted Break-ins

Masquerade attacks

Denial of Service

Malicious Use

An IDS detects and alerts on potential intrusions, while an IPS can actively block or prevent them.

An IDS operates on the network layer, while an IPS operates on the application layer.

An IDS is used for physical security breaches, while an IPS is used for digital security breaches.

There is no difference; IDS and IPS are interchangeable terms.

A firewall enhances security by encrypting all network traffic.

A firewall enhances security by slowing down network performance.

A firewall enhances security by monitoring and controlling network traffic based on security rules, acting as a barrier between trusted and untrusted networks.

A firewall enhances security by allowing all network traffic without any restrictions.

Firewalls can detect all security breaches

Firewalls inspect all traffic content

Firewalls are less likely to be attacked than IDS

Firewalls cannot detect security breaches associated with traffic that does not pass through it

To block all network traffic

To inspect all network activity and identify suspicious patterns

To monitor only outbound traffic

To prevent all system attacks

Monitor

Respond

Report

Analyze

Monitor

Report

Analyze

Detect

To initiate mitigation activities

To provide risk-related information

To deal with incidents

To monitor security risks

Preemptory

Reactionary

Proactive

Passive

Monitoring network activity

Capturing packet headers

Comparing patterns with threats

Sending email notifications

Swatch

Log check

Mod_security

Tripwire

Rule Based detection is faster

Anomaly detection can identify new attacks

Rule Based detection requires less data

Anomaly detection is less accurate

Anomaly-analysis-based IDS

Heuristics-based IDS

Stateful-inspection-based IDS

Signature-based IDS

Anti-Virus

software

Motion Detectors

Firewall

Honeypots

Anomaly

Iteration

Parameter

Precision

Active

Passive

Reactive

Proactive

A value that represents the boundary of normal activity

A maximum number of attempts allowed

A type of network activity

A measure of file I/O activity

It specifies the action to take

It specifies the destination IP

It specifies the protocol

It specifies the source IP

Header Analysis

Payload Analysis

Traffic Analysis

Network Analysis

Intrusion

Non-intrusion

Malware

Phishing

Using bad checksum

Spoofed addresses

Duplicate TCP packets

All of the above

Dragon from Enterasys

CISCO Secure IDS

Snort

Wazuh

Sniffer

Packet logger

Network intrusion detection

Firewall

Fast

Flexible

Open-source

All of the above