2 cissp ® Official Study Guide Eighth Edition

Intrusion Detection and Prevention Systems

Download 19,3 Mb.

Pdf ko'rish

bet	703/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 699 700 701 702 703 704 705 706 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Intrusion Detection and Prevention Systems
The previous section described many common attacks. Attackers are constantly modifying
their attack methods, so attacks typically morph over time. Similarly, detection and preven-
tion methods change to adapt to new attacks. Intrusion detection systems (IDSs) and intru-
sion prevention systems (IPSs) are two methods organizations typically implement to detect
and prevent attacks.
An
intrusion
occurs when an attacker can bypass or thwart security mechanisms and
gain access to an organization’s resources.
Intrusion detection
is a specifi c form of monitor-
ing that monitors recorded information and real-time events to detect abnormal activity
indicating a potential incident or intrusion. An
intrusion detection system (IDS)
automates
the inspection of logs and real-time system events to detect intrusion attempts and system
failures. Because an IPS includes detection capabilities, you’ll often see them referred to as
intrusion detection and prevention systems (IDPSs).
IDSs are an effective method of detecting many DoS and DDoS attacks. They can rec-
ognize attacks that come from external connections, such as an attack from the internet,
and attacks that spread internally such as a malicious worm. Once they detect a suspicious
event, they respond by sending alerts or raising alarms. In some cases, they can modify the
environment to stop an attack. A primary goal of an IDS is to provide a means for a timely
and accurate response to intrusions.
An IDS is intended as part of a defense-in-depth security plan. It will work
with, and complements, other security mechanisms such as firewalls, but
it does not replace other security mechanisms.
An intrusion prevention system (IPS) includes all the capabilities of an IDS but can also
take additional steps to stop or prevent intrusions. If desired, administrators can disable
these extra features of an IPS, essentially causing it to function as an IDS.
You’ll often see the two terms combined as intrusion detection and prevention systems
(IDPSs). For example, NIST SP 800-94, “Guide to Intrusion Detection and Prevention
Systems,” provides comprehensive coverage of both intrusion detection and intrusion pre-
vention systems, but for brevity uses IDPS throughout the document to refer to both. In this

Implementing Detective and Preventive Measures
757
chapter, we are describing methods used by IDSs to detect attacks, how they can respond
to attacks, and the types of IDSs available. We are then adding information on IPSs where
appropriate.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 699 700 701 702 703 704 705 706 ... 881