Network Forensic Weekly Report

Week 8

This week, we learned about network intrusion detection and analysis.

A NIDS (Network-based Intrusion Detection System) is a tool that watches the traffic crossing a network segment (usually fed from a mirror/SPAN port or a tap) and looks for abnormal or unusual behaviour, such as known attack signatures in packets or unexpected traffic patterns like one host probing many ports. It only detects and raises an alert; it does not block anything. It works like an early warning system that tells the administrator that someone may be attacking the network.

A NIPS (Network-based Intrusion Prevention System) sits inline in the traffic path and automatically blocks an attack that it recognises, typically by dropping the offending packets or resetting the connection. It is the next step after a NIDS: the same detection, plus an action. If it recognises ransomware traffic, for example, it can drop that traffic so the malware cannot spread to or call out from the affected server. The limit is that it can only stop what it recognises, and only from the moment it recognises it.
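To make the NIDS versus NIPS distinction concrete, here is a small added example (my own illustration, not code from the course or from any of the products named on this page). It runs a toy sensor over a handful of constructed connection records: a signature check on the payload plus a simple port-scan rule (five distinct destination ports from one source within ten seconds). In "detect" mode it behaves like a NIDS and only records alerts; in "prevent" mode it behaves like a NIPS and returns a "drop" verdict instead. The rule names, thresholds and the sample traffic are all assumptions made up for the example.

```python
"""Toy NIDS/NIPS: same detection logic, different action depending on mode."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    ts: float        # seconds since start of capture
    src: str
    dst: str
    dport: int
    payload: bytes


# Hypothetical signatures: (name, destination port or None for any, byte pattern).
SIGNATURES = [
    ("Known bad user-agent on HTTP", 80, b"User-Agent: evil-scanner"),
    ("Shell command over telnet", 23, b"/bin/sh"),
]

SCAN_WINDOW = 10.0   # seconds of history kept per source address
SCAN_PORTS = 5       # distinct destination ports within the window => port scan


def match_signatures(conn):
    """Return the names of all signatures whose port and pattern match."""
    return [name for name, port, pat in SIGNATURES
            if (port is None or port == conn.dport) and pat in conn.payload]


class Sensor:
    def __init__(self, mode="detect"):
        assert mode in ("detect", "prevent"), "mode must be detect (NIDS) or prevent (NIPS)"
        self.mode = mode
        self.alerts = []                     # (ts, src, dst, dport, reason)
        self.recent = defaultdict(list)      # src -> [(ts, dport), ...]

    def _is_scan(self, conn):
        """Anomaly rule: many distinct ports from one source in a short window."""
        hist = self.recent[conn.src] + [(conn.ts, conn.dport)]
        hist = [(t, p) for t, p in hist if conn.ts - t <= SCAN_WINDOW]  # expire old entries
        self.recent[conn.src] = hist
        return len({p for _, p in hist}) >= SCAN_PORTS

    def process(self, conn):
        """Inspect one connection; return the verdict the sensor would give."""
        reasons = match_signatures(conn)
        if self._is_scan(conn):
            reasons.append("Port scan")
        if not reasons:
            return "forward"
        for reason in reasons:
            self.alerts.append((conn.ts, conn.src, conn.dst, conn.dport, reason))
        # A NIDS only alerts and lets the traffic through; a NIPS is inline and drops it.
        return "forward" if self.mode == "detect" else "drop"


def run(mode, conns):
    """Feed a list of Conn records through a sensor; return (verdicts, alerts)."""
    sensor = Sensor(mode)
    verdicts = [sensor.process(c) for c in conns]
    return verdicts, sensor.alerts


# Constructed sample traffic (not a real capture).
SAMPLE = [
    Conn(0.0, "10.0.0.7", "10.0.0.20", 80, b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    Conn(1.0, "10.0.0.5", "10.0.0.20", 21, b""),      # start of a port scan ...
    Conn(1.5, "10.0.0.5", "10.0.0.20", 22, b""),
    Conn(2.0, "10.0.0.5", "10.0.0.20", 25, b""),
    Conn(2.5, "10.0.0.5", "10.0.0.20", 443, b""),
    Conn(3.0, "10.0.0.5", "10.0.0.20", 8080, b""),    # ... fifth distinct port trips the rule
    Conn(4.0, "10.0.0.9", "10.0.0.20", 23, b"login: root\r\n/bin/sh -i\r\n"),  # signature hit
    Conn(5.0, "10.0.0.7", "10.0.0.20", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Conn(20.0, "10.0.0.5", "10.0.0.20", 3306, b""),   # old scan history has expired by now
]

if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        verdicts, alerts = run(mode, SAMPLE)
        print(mode, verdicts)
        for a in alerts:
            print("  ALERT", a)
```

Two things worth noticing when you run it. The first four probes of the scan are forwarded in both modes, because the rule cannot know it is a scan until the fifth port: an inline IPS only prevents what it has already recognised. And the connection at 20 seconds is not flagged, because the per-source history is pruned to the window; without that pruning a busy but legitimate client would eventually trip the rule.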

HIDS -> Host-based Intrusion Detection System

HIPS -> Host-based Intrusion Prevention System

IDS/IPS products come in two kinds: commercial and open-source. Commercial examples are the Next-Generation Intrusion Prevention System (NGIPS) and the TippingPoint IPS. Open-source examples are Suricata, which can run as a NIDS or inline as a NIPS, and AIDE (Advanced Intrusion Detection Environment), a HIDS that compares the files on a host against a stored baseline of hashes and attributes.

This entry was posted in Network Forensic.
