IT Examiner School, Providence, RI

Intrusion Detection/Prevention Systems (IDS/IPS)

Functions include:

• Monitoring/analyzing users and system activity
• Analyzing system configurations/vulnerabilities
• Assessing system and file integrity
• Ability to recognize patterns of attack
• Analysis of abnormal activity patterns
• Tracking user policy violations

IDS/IPS (Cont.)

Host-based - Resides on "host" computers and only detects activity on that host

Network-based - Monitors network traffic on segments of the LAN

• Must be maintained, monitored, and updated to be effective
