IT Examiner School, Seaside, CA

Intrusion Detection/Prevention Systems (IDS/IPS) • Functions include: – Monitoring/analyzing users and system activity – Analyzing system configurations/vulnerabilities

– Assessing system and file integrity – Ability to recognize patterns of attack – Analysis of abnormal activity patterns – Tracking user policy violations

IDS/IPS (Cont.) • Host-based - Resides on “host” computers and only detects activity on that host • Network-based - Monitors network traffic on segments of the LAN • Must be maintained, monitored, and updated to be effective • IT Survey has this information