Discussion: Due Jul/15
Intrusion detection systems have fundamental flaws in their designs and functionalities. Intrusion detection does not necessarily prevent intrusions. As more organizations encrypt traffic, it becomes increasingly difficult to track intrusions because IDSs have no capabilities to examine encrypted traffic and are, therefore, unable to recognize problems and create alerts. Engineers rely heavily on IDSs to fight hackers. If configured improperly, the IDS will generate false positive alerts, which can be disastrous to the organization. Too many alerts can cause security administrators to become complacent and overlook important events. Several studies have shown that detections of negative security events can take over six months.
In this discussion, you are going to look at the role of IDSs in protecting digital assets. Research a minimum of three industry publications (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], Internet Engineering Taskforce [IETF], etc.) on this topic. Address the differences and similarities between IDS and intrusion protection systems (IPS). Explain some of the difficulties associated with configuring and maintaining IDSs, given the changing pattern of traffic on networks. Considering these issues, explain why organizations rely heavily on IDSs, even though they do not prevent hackers from penetrating an infrastructure. Support your statements with evidence from your sources.
Your initial post should be a minimum of 250 words.
Assignment : Due Jul/19
Prior to beginning work on this assignment, please read Chapter 21 in the textbook as well as Chapter 2: Intrusion Detection and Prevention Principles from the NIST Guide to Intrusion Detection and Prevention System (IDPS) (Links to an external site.).
Intrusion detection systems (IDSs) are network appliances that detect inappropriate, incorrect and disrupting activities on the network. It provides administrators visibility into the network. Traditionally, these devices have been placed between the border router and the firewalls. This architecture has undergone significant changes in recent years because of the changing nature of malware. Organizations are having to deploy multiple IDSs across the network to detect abnormal activities on infrastructure.
Research a minimum of two industry resources (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], and Internet Engineering Taskforce [IETF], etc.) on this topic. (Access the MISM Credible Resource Guide (Links to an external site.) for assistance with finding appropriate credible professional resources.) Use your findings to differentiate between the different types of intrusion detection systems and explain their uses. Describe optimum locations for IDS on a corporate TCP/IP network and explain how IDSs can be used to complement firewalls.
0 comments