There are many IDS and IPS systems that are used at the
individual and organizational levels. Those systems are very
important for protecting our personal information and the
company's information system. Watch the Module lecture, read
related course material, and use external resources to answer the
following questions:
1. Is the IDS the same as a firewall? Explain the differences.
2. Explain the terms False Positive and False Negative, providing
an example for each one of them.
3. The textbook mentioned three IDPS technologies (Network-Based,
Wireless, and Host-based), but there is actually a fourth IDPS
technology called Network Behavior Analysis (NBA). Explain this
type of technology, providing the difference between NBA and
Network-Based Technology.
4. Should organizations consider using multiple IDPS technologies?
Why? Explain in detail and support your argument with external
references.
5. Identify some of the methods used to gain knowledge about a
specific IDPS product.
Solution
Answers
(1)
An IDS (Intrusion Detection System) is a software or hardware
device installed on the network to detect and report intrusion
attempts on the network.
A firewall monitors the system based on the rules that are set by
the user and regulates the activity between the system and the
internet.
An IDS monitors the system for unwanted entry and reports the
same to the user.
A firewall will block traffic based on network information such
as IP address, network port and network protocol.
It will make some decisions based on the state of the network.
An IDS only monitors traffic. The IDS contains a database of
known attack signatures.
(2)
False positive
A false positive is any normal behaviour that is identified as
anomalous.
Example
The major problem that false positives create is that they can
easily drown out legitimate IDS alerts.
False negative
A false negative is any alert that should have happened but
did not.
Example
An overloaded IDS will drop packets potentially causing false
negatives.
(6)
Different IDPS methods
1. anomaly detection
2. signature detection
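
As an added illustration (not part of the original answer), the Python sketch below runs a signature detector and a simple rate-based anomaly detector over constructed sample requests and counts the false positives and false negatives defined in answer (2). The addresses, requests, two-entry signature list and rate threshold are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample traffic: (source, request, is_attack ground truth).
EVENTS = (
    [("10.0.0.5", "/index.html", False),
     ("10.0.0.5", "/docs/sql-tutorial?q=union+select+basics", False),
     ("10.0.0.9", "/item?id=1+UNION+SELECT+name+FROM+users", True),
     ("10.0.0.9", "/download?file=../../etc/passwd", True),
     ("10.0.0.7", "/download?file=..%2f..%2fetc%2fpasswd", True)]
    + [("10.0.0.8", f"/login?try={i}", True) for i in range(6)]   # guessing burst
    + [("10.0.0.2", "/health", False) for _ in range(4)]          # monitoring probe
)

# Hypothetical two-entry signature database.
SIGNATURES = [re.compile(r"union[+\s]+select", re.I), re.compile(r"\.\./")]
RATE_THRESHOLD = 3  # assumed baseline: more requests than this per source is anomalous


def signature_alerts(events):
    """Alert on any request matching a known attack signature."""
    return [any(s.search(req) for s in SIGNATURES) for _, req, _ in events]


def anomaly_alerts(events):
    """Alert on every request from a source exceeding the baseline rate."""
    counts = Counter(src for src, _, _ in events)
    return [counts[src] > RATE_THRESHOLD for src, _, _ in events]


def score(events, alerts):
    """Compare alerts with ground truth and count TP/FP/FN/TN."""
    tally = Counter()
    for (_, _, is_attack), alerted in zip(events, alerts):
        key = ("T" if alerted == is_attack else "F") + ("P" if alerted else "N")
        tally[key] += 1
    return {k: tally[k] for k in ("TP", "FP", "FN", "TN")}


if __name__ == "__main__":
    sig, anom = signature_alerts(EVENTS), anomaly_alerts(EVENTS)
    both = [a or b for a, b in zip(sig, anom)]
    for name, alerts in (("signature", sig), ("anomaly", anom), ("combined", both)):
        print(f"{name:9} {score(EVENTS, alerts)}")
```

On this sample the signature detector flags a benign search (false positive) and misses the encoded request and the login burst (false negatives), while the anomaly detector catches the burst but also flags the monitoring probe. Combining the two leaves one false negative at the cost of more false positives.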