Implementing Intrusion Prevention - Coggle Diagram
Implementing Intrusion Prevention
Cisco Security intelligence operation
Reputation score
Signature version
Victim IP address
Attacker port
Signature ID
Attacker IP address
Maximum segment size
Victim port
TCP options string
Risk rating
Advantages IPS
Stops trigger packets
Can use stream normalization techniques
IPS Technologies
Describe the advantages and disadvantages of IDS and IPS
Explain Zero-day attacks
Understand how to monitor, detect and stop attacks
Works passively
Requires traffic to be mirrored in order to reach it
Network traffic does not pass through the IDS unless it is mirrored
Disadvantages IPS
Some impact on network
Sensor issues might affect network traffic
Sensor overloading impacts the network
Network IPS
Advantages
Operating system independent
Is cost-effective
Not visible on the network
Lower level network events seen
Disadvantages
Cannot examine encrypted traffic
Cannot determine whether an attack was successful
IDS Advantages
No network impact if there is a sensor overload
No impact on network
No network impact if there is a sensor failure
Host Based and Network Based IPS
Host Based IPS
Provides operating system and application level protection
Provides protection specific to a host operating system
Protects the host after the message is decrypted
Network-based IPS
Cost effective
Operating system independent
Disadvantages
Host-based IPS
Operating system dependent
Must be installed on all hosts
Network-based IPS
Cannot examine encrypted traffic
Must stop malicious traffic prior to arriving at host
Disadvantages IDS
More vulnerable to network security evasion techniques
Response action cannot stop trigger
Correct tuning required for response actions
IPS solution
Security budget
Amount of network traffic
Network topology
Available security staff to manage IPS