
Ops 401: Class 14

Nicholas Loiacono edited this page May 2, 2023 · 2 revisions

This topic matters as it relates to what I'm studying in this module because I should be learning about which tool I should be using in a specific use case, i.e. detect and respond to network-level attacks versus system-level attacks. Additionally, learning about the drawbacks of network-based IDS can help me identify potential limitations and challenges associated with implementing this tool in a network.

List 2 differences between firewalls and an IDS.

  • Firewalls and intrusion detection systems (IDS) are both security tools that help protect computer networks, but they operate differently. A firewall examines network traffic and decides whether to allow or block it based on predefined rules, while an IDS monitors network traffic for suspicious activity and alerts administrators when it detects a potential threat. Another difference is that a firewall can actively block traffic, while an IDS only detects and alerts on suspicious activity.

Under what circumstances would you choose a network-based IDS over a host-based IDS?

  • A network-based IDS (NIDS) is best suited for detecting threats that traverse the network, such as network-level attacks, malware propagation, and denial-of-service (DoS) attacks. It is the better choice for organizations with large, complex networks carrying high volumes of traffic. A host-based IDS (HIDS), on the other hand, is best suited for detecting threats specific to a particular system, such as malware infections, unauthorized access attempts, and changes to critical system files. It is the better choice for organizations with a smaller number of critical systems to protect.

Name 3 major drawbacks of a NIDS.

A network-based IDS (NIDS) has several drawbacks, such as:
  • A NIDS can generate a large number of false positives, leaving security teams overwhelmed with alerts and at risk of missing actual security incidents.
  • A NIDS requires significant processing power and network bandwidth, which can impact network performance and introduce latency.
  • A NIDS cannot inspect the content of encrypted traffic and can miss threats hidden inside otherwise normal-looking traffic, making it ineffective against some types of advanced threats.
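As an added illustration of the first answer (a firewall allows or blocks each packet by rule, an IDS only alerts) and of two of the drawbacks above (false positives from a badly tuned threshold, and blindness to encrypted payloads), here is a small Python simulation. It is example code written for this page, not part of the original notes or of any real firewall or IDS product; the packet stream, the allow-list, the `cmd=` signature, the scan threshold and the `encrypted` flag are all constructed for the demo, and the NIDS is assumed to sit on a tap that sees the same traffic the firewall does.

```python
"""Firewall vs. NIDS on a constructed packet stream (added example, not from the page)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""
    encrypted: bool = False  # constructed flag: payload is opaque ciphertext (e.g. TLS)


# --- Firewall: stateless allow/deny rules, first match wins -------------------
# (action, destination port or None for "any"); constructed allow-list
FIREWALL_RULES = [
    ("allow", 80),
    ("allow", 443),
    ("allow", 22),
    ("deny", None),  # default deny
]


def firewall_decision(pkt):
    """Return 'allow' or 'deny' for one packet, based only on its own fields."""
    for action, port in FIREWALL_RULES:
        if port is None or port == pkt.dport:
            return action
    return "deny"


# --- NIDS: signature + threshold detection; emits alerts, never blocks -------
SIGNATURES = {"cmd-param": b"cmd="}  # constructed signature, not a real rule set
SCAN_THRESHOLD = 5  # distinct destination ports from one source before alerting


def nids_inspect(packets, scan_threshold=SCAN_THRESHOLD):
    """Inspect a stream and return (alert_name, source) tuples; packets are untouched."""
    alerts = []
    ports_by_src = defaultdict(set)
    for pkt in packets:
        # Content signatures only work on cleartext payloads; ciphertext is skipped.
        if not pkt.encrypted:
            for name, pattern in SIGNATURES.items():
                if pattern in pkt.payload:
                    alerts.append((name, pkt.src))
        # Behavioural rule: one source touching many distinct ports looks like a scan.
        ports_by_src[pkt.src].add(pkt.dport)
        if len(ports_by_src[pkt.src]) == scan_threshold:
            alerts.append(("port-scan", pkt.src))
    return alerts


def run(packets, scan_threshold=SCAN_THRESHOLD):
    """Apply both tools to the same stream: firewall counts blocks, NIDS returns alerts."""
    blocked = sum(1 for p in packets if firewall_decision(p) == "deny")
    return {"blocked": blocked, "alerts": nids_inspect(packets, scan_threshold)}


# Constructed sample traffic (RFC 5737 documentation addresses).
TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, b"GET / HTTP/1.1"),            # legitimate client
    Packet("10.0.0.5", "192.0.2.10", 443, b"<tls>", encrypted=True),
    Packet("198.51.100.7", "192.0.2.10", 80, b"POST /up.php cmd=id"),   # cleartext, matches signature
    Packet("198.51.100.7", "192.0.2.10", 443, b"<tls>", encrypted=True),  # same request over TLS
] + [Packet("203.0.113.9", "192.0.2.10", p) for p in (21, 22, 23, 25, 80, 110)]  # port probe

if __name__ == "__main__":
    for threshold in (SCAN_THRESHOLD, 2):
        result = run(TRAFFIC, threshold)
        print(f"scan_threshold={threshold}: firewall blocked {result['blocked']} packets, "
              f"NIDS alerts={result['alerts']}")
```

Running it shows the firewall dropping four of the scanner's probes without ever recognising the scan as such, while the NIDS raises one port-scan alert and one signature alert without dropping anything. The same `cmd=` request sent over TLS produces no alert at all, and lowering `scan_threshold` to 2 makes the legitimate client on 10.0.0.5 show up as a port scan, which is the false-positive trade-off the first drawback describes.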

Things I want to know more about are the different detection techniques, deployment options, false positives, management, scalability, threat intelligence integration, and compliance.

References

Rapid7. (2020, October 27). The Pros & Cons of Intrusion Detection Systems. Rapid7 Blog.
