Lecture 12 Intrusion Detection Systems

A software to detect inappropriate or malicious activity on a computer netork

A software that has package payload analysis capabilities

A software that has alerting capabilities whenever a malicious package is identified

All answers are correct

Host-based IDS

Printer-based IDS

Network-based IDS

All answers are correct

Traffic collector

Indicator of compromise (IOCs) database

Analysis engine

User interface and reporting

Behaviour based, signature based, cognitive based, temporary based

Behaviour based, signature based, Anomaly based, artificial intelligence based

Behaviour based, signature based, Anomaly based, Heuristic based

Behaviour based, last access based, Anomaly based, derivative based

You will reduce the number of alarms

You will see all traffic passed from the FW into the network

You won't see attacks until they have breached the firewall

All of them are drawbacks

Falcon

Snort

Suricata

Tetragon

NIPS have an internal signature database

NIPS can't analyze encrypted traffic

NIPS must sit inline with the traffic

NIPS can use both anomaly based and signature based detections.