CertiGuide to Security+  9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)

Pop Quiz 3.1 1 3.4.1  Network Based

Earlier in this section, we looked at the IDS as a component of a network. In an ideal world, every system would run flawless software (with no known or soon-to-be discovered bugs which can be exploited), administrators would never make careless mistakes and users… well… what can we say? Since this is the real world, not the ideal world, new security bugs are discovered daily, administrators do sometimes set permissions incorrectly and users load software from virus-infected diskettes. Thus, organizations need the capability to detect and respond appropriately to suspicious activity, and deploying IDS is one way to help automate this process.

Standards that apply to IDS, which you might wish to investigate, include CIDF (Common Intrusion Detection Framework, by DARPA) and IDWG (ID Working Group by IETF).

In this section we will delve into specific types and features of IDSs. There are two primary types of IDS, network based and host based. Some IDSs make use of only one or the other, and some make use of both. We’ll discuss each of these types of IDS in more detail below. For SY0-101, the differences between active IDS and passive IDS are testable. In the world since SY0-101 was written, the term IPS (Intrusion Prevention Systems) has taken hold as another way to say Active IDS or put yet another way the blending of a firewall and IDS.³³⁴ The question is, is it working³³⁵ A good overview of the whole topic was done by InfoWorld ³³⁶ along with 10 evaluation and deployment tips³³⁷.

Pop Quiz 3.1 1 3.4.1  Network Based