From the course: Data-Driven Network Security Essentials
Intrusion detection and prevention systems
- [Instructor] The best defense in network security is to constantly monitor for suspicious activities to either prevent attacks or stop them before they incur significant damage. When a system passively observes network traffic to recognize a security threat, it is labeled as an intrusion detection system, or IDS. If the same system has an additional ability to drop network traffic based on its observation, it is called an intrusion prevention system, or IPS. You can configure a system to either act as an IDS or IPS according to your needs. Many traditional IDSs rely on a signature-based detection approach. They look for a static pattern in network traffic and find a match from a database of known malicious signatures. Since certain network attacks always begin with sending a certain bit pattern, signature-based IDSs are looking for a string consisting of binary numbers constituting the network attack traffic. One of the major weaknesses in this method is that unknown patterns cannot…
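The signature matching described above, with the same engine switched between IDS and IPS behaviour, as an added example that is not part of the course material. The signature names, byte patterns and sample payloads are constructed for illustration and are not real rules.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed signature database (illustrative byte patterns, not real rules).
SIGNATURES = {
    "SIG-0001-example": bytes.fromhex("deadbeef1337"),
    "SIG-0002-example": b"EXAMPLE-KNOWN-BAD-MARKER",
}

@dataclass(frozen=True)
class Verdict:
    action: str               # "forward", "alert" (IDS) or "drop" (IPS)
    signature: Optional[str]  # name of the matched signature, if any

def inspect(payload: bytes, mode: str = "ids") -> Verdict:
    """Match a payload against the static signatures.

    mode="ids": passive, a match only raises an alert and traffic continues.
    mode="ips": inline, a match causes the traffic to be dropped.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return Verdict("drop" if mode == "ips" else "alert", name)
    # No stored pattern occurs in the payload: nothing is reported.
    return Verdict("forward", None)

# Constructed sample payloads.
SAMPLES = {
    "benign": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "known": b"\x00\x01" + bytes.fromhex("deadbeef1337") + b"\x02",
    "not_in_db": b"\x00\x01" + bytes.fromhex("deadbeef1338") + b"\x02",
}

def run(mode: str) -> dict:
    """Inspect every sample payload in the given mode."""
    return {label: inspect(data, mode) for label, data in SAMPLES.items()}

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        for label, verdict in run(mode).items():
            print(f"{mode} {label:10s} -> {verdict.action} {verdict.signature or ''}")
```

The `not_in_db` payload is forwarded in both modes because its bytes match no stored signature, which is the gap that anomaly-based or behavioural detection is meant to cover.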