This module covers network intrusion detection systems and host intrusion detection systems. We point out the passive nature of an intrusion detection system (IDS) as compared with an intrusion prevention system (IPS). An IDS is one layer in a layered defense and consists of several components and processes. Its primary concern is identifying suspicious behavior, logging that behavior, and finally sending out alerts; it takes no action to prevent or otherwise intervene in the suspicious behavior it detects. Intrusion prevention is concerned both with detecting malicious behavior and with employing tactics to thwart the effects of the attack. We then cover the main components of an IDS and discuss the two main types: host-based IDS (HIDS) and network-based IDS (NIDS). We note the performance overhead that must be considered with a HIDS, as well as the pros and cons of each type. We also point out that a HIDS can inspect data once the host has decrypted it, whereas a NIDS sees only the encrypted traffic on the network.
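The detect, log, alert versus detect-and-block distinction is easiest to see in code. The following is an added example written for this summary, not code from the module or from any IDS product: a minimal host-based detector that counts failed SSH logins per source address in a few constructed auth-log lines (the addresses are documentation ranges, the threshold of three failures is an assumption). The IDS variant only records and alerts; the IPS variant additionally adds the offending address to a block list, standing in for a firewall rule.

```python
"""Toy HIDS pipeline: parse -> detect -> log -> alert, and an IPS variant that also blocks.

Added illustration; the log lines below are constructed, not captured from a real host.
"""
import re
from collections import Counter, defaultdict

# Constructed sample auth-log lines (documentation IP ranges, fictitious users).
SAMPLE_LOG = """\
Jan 10 10:00:01 host1 sshd[100]: Failed password for root from 203.0.113.5 port 4000 ssh2
Jan 10 10:00:02 host1 sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Jan 10 10:00:03 host1 sshd[102]: Failed password for admin from 203.0.113.5 port 4002 ssh2
Jan 10 10:00:04 host1 sshd[103]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Jan 10 10:00:05 host1 sshd[104]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Jan 10 10:00:06 host1 sshd[105]: Failed password for root from 203.0.113.5 port 4003 ssh2
"""

# Signature for one event type we care about: a failed password authentication.
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")

# Assumed policy: this many failures from one source address is "suspicious".
THRESHOLD = 3


def parse_failures(log_text):
    """Return a list of (user, source_ip) tuples, one per failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append((m.group("user"), m.group("ip")))
    return events


def detect(log_text, threshold=THRESHOLD):
    """Return one alert dict per source address with >= threshold failures."""
    failures = Counter()
    users_tried = defaultdict(set)
    for user, ip in parse_failures(log_text):
        failures[ip] += 1
        users_tried[ip].add(user)
    return [
        {"ip": ip, "failures": n, "users": sorted(users_tried[ip])}
        for ip, n in sorted(failures.items())
        if n >= threshold
    ]


class HostIDS:
    """Detection only: every finding is logged and alerted, nothing is blocked."""

    def __init__(self):
        self.log_entries = []   # what would go to the audit log
        self.alerts = []        # what would go to the analyst / SIEM

    def run(self, log_text):
        for finding in detect(log_text):
            self.log_entries.append(
                f"IDS: {finding['failures']} failed logins from {finding['ip']} "
                f"for users {','.join(finding['users'])}"
            )
            self.alerts.append(finding)
        return self.alerts


class HostIPS(HostIDS):
    """Same detection, plus an enforcement step: the source address is blocked."""

    def __init__(self):
        super().__init__()
        self.blocked = set()    # stands in for a host firewall deny list

    def run(self, log_text):
        alerts = super().run(log_text)
        for finding in alerts:
            self.blocked.add(finding["ip"])
        return alerts


if __name__ == "__main__":
    ids = HostIDS()
    for a in ids.run(SAMPLE_LOG):
        print("ALERT", a)
    ips = HostIPS()
    ips.run(SAMPLE_LOG)
    print("IPS blocked:", sorted(ips.blocked))
```

Note that both classes share the same detection logic; the only difference is whether a finding results in an enforcement action. The single failure from 198.51.100.7 stays below the threshold and generates no alert in either mode, which is the trade-off a threshold encodes: fewer false positives at the cost of missing slow, low-volume attempts.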

