From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring
Intrusion detection and prevention
- [Instructor] Intrusion detection and prevention systems play an extremely important role in the defense of networks against hackers and other security threats. Intrusion detection systems sit on the network and monitor traffic, searching for signs of potentially malicious activity. For example, an intrusion detection system might notice that a request bound for a web server contains a SQL injection attack, that a malformed packet is attempting to create a denial of service, that a user's login attempt seems unusual based upon the time of day and prior patterns of activity, or that a system on the internal network is attempting to contact a botnet command and control server. All of these situations are examples of security issues that administrators would obviously want to know about. Intrusion detection systems identify these issues and then alert administrators to the issue for further investigation. To be useful, an…