IDS AND IPS by https://padlet.com/muhdazreen18/idsandips Muhammad Azreen Bin Zullkeflee 01DIS17F2005 en-us 2019-09-04 02:12:52 UTC 2019-09-04 03:01:12 UTC hello@padlet.com https://padlet.pics/1/image.webp?t=g_auto&url=https%3A%2F%2Fpadlet.net%2Ficons%2Fpng%2F1f928.png What is IDS and IPS ? muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379719941 1. An intrusion detection system (IDS): is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses.

2. Intrusion Prevention Systems (IPS): live in the same area of the network as a firewall, between the outside world and the internal network. IPS proactively deny network traffic based on a security profile if that packet represents a known security threat.

The main difference between them is that IDS is a monitoring system, while IPS is a control system
]]> 2019-09-04 02:19:30 UTC https://padlet.com/muhdazreen18/idsandips/wish/379719941 IDS and IPS tools muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379721360
  • SolarWinds Security Event Manager
  • SNORT
  • Security Onion
  • Bro Network Security Monitor
  • WinPatrol
  • Osquery

    • ]]>     2019-09-04 02:25:04 UTC https://padlet.com/muhdazreen18/idsandips/wish/379721360     Differences between proxy server and packet filtering ? muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379723228 A packet filter examines each packet's IP header to control the network traffic into and out of your network. It is the most basic feature of a firewall. If the packet header information is valid, then the firewall allows the packet. If the packet header information is not valid, the firewall drops the packet while  a proxy uses the same procedure to examine the packet header information as a packet filter, but it also examines the packet content. If the content does not match the criteria you set in your rules, the proxy takes action, such as denying the packet or stripping the content from the packet. A proxy operates at the application layer, as well as the network and transport layers of a TCP/IP packet, while a packet filter operates only at the network and transport protocol layer. Proxies can prevent potential threats from reaching your network without blocking the entire connection.]]> 2019-09-04 02:31:33 UTC https://padlet.com/muhdazreen18/idsandips/wish/379723228 Bastion Host muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379724083 A bastion host is a specialized computer that is deliberately exposed on a public network. From a secured network perspective, it is the only node exposed to the outside world and is therefore very prone to attack. It is placed outside the firewall in single firewall systems or, if a system has two firewalls, it is often placed between the two firewalls or on the public side of a demilitarized zone (DMZ).

    The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering the network, acting much like a gateway. The most common examples of bastion hosts are mail, domain name system, Web and File Transfer Protocol (FTP) servers. Firewalls and routers can also become bastion hosts,
    ]]>     2019-09-04 02:34:54 UTC https://padlet.com/muhdazreen18/idsandips/wish/379724083     Honeypot and how this device can prevent the internal network muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379724566 Honeypot are cyber systems and processes set up to appear operational to collect information on threat behavior and vectors. Real or simulated systems and processes are configured to appear as if they are real systems, often with vulnerabilities. Many of the previously described sensors are inserted within and around honeypots to collect data on threat behaviors. Honeypots have been used for everything from single servers to networks of servers, through client processes and files or information. Honeypots are a common technique and tool for sensoring uncontrolled threat sources]]> 2019-09-04 02:36:59 UTC https://padlet.com/muhdazreen18/idsandips/wish/379724566 muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379724569 2019-09-04 02:37:00 UTC https://padlet.com/muhdazreen18/idsandips/wish/379724569 muhdazreen18 https://padlet.com/muhdazreen18/idsandips/wish/379725472 2019-09-04 02:40:54 UTC https://padlet.com/muhdazreen18/idsandips/wish/379725472