CASES.LU


IDS/IPS

The Intrusion Detection System (IDS)

The Intrusion Detection System, or IDS, plays a special role in IT security. Rather than actively protecting the equipment, it works passively, recording network activity and raising an alarm whenever a suspicious action is detected. This detection may occur using the strategies listed below. However, the complexity of network flows may cause the IDS to raise numerous false alarms, also known as false positives. A large amount of post-processing work therefore has to be done on the alarm logs to determine which alarms correspond to real attacks and which are false, which can prove tedious. Nevertheless, the IDS can be a very useful tool for identifying the risks (threats and vulnerabilities) to which the IT systems may be subject. IDS availability is crucial to the effectiveness of the collected data. The ideal solution is to place it at interconnection points between networks, just like firewalls.

The Intrusion Prevention System (IPS)

The Intrusion Prevention System, or IPS, was developed to overcome the two major disadvantages of the IDS, namely its passiveness and the generation of false positives. The IPS doesn’t just detect suspicious behaviour, it also blocks it. It uses the same detection system as the IDS and therefore also generates false positives. However, the IPS comes equipped with detection filters and a set of rules that tell it how to react correctly: block the network flow, let it through or request human intervention, a bit like a firewall. Once more, to be effective, the IPS must be placed at interconnection points between the networks.
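The difference between the two modes, as an added example that is not part of the original page: one shared detection step, used passively (IDS) and inline (IPS). The rule names, signatures, addresses and flows are constructed for illustration, and the "review" action stands for requesting human intervention.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    pattern: re.Pattern   # signature matched against the flow payload
    action: str           # IPS reaction: "block", "allow" or "review"

# Constructed rule set. The broad "admin-path" rule is prone to false
# positives, so its reaction is human review rather than an automatic block.
RULES = [
    Rule("sql-keyword", re.compile(r"union\s+select", re.I), "block"),
    Rule("admin-path", re.compile(r"/admin\b", re.I), "review"),
    Rule("health-probe", re.compile(r"^GET /health\b"), "allow"),
]

# Constructed sample flows: (source address, payload).
FLOWS = [
    ("198.51.100.7", "GET /item?id=1 UNION SELECT name FROM users"),
    ("192.0.2.10", "GET /admin/login"),   # legitimate administrator: false positive
    ("192.0.2.20", "GET /health"),
    ("192.0.2.30", "GET /index.html"),
]

def match(payload):
    """Return the first rule whose signature matches the payload, or None."""
    return next((r for r in RULES if r.pattern.search(payload)), None)

def ids(flows):
    """Passive mode: every flow passes; matches are only logged as alerts."""
    alerts = []
    for src, payload in flows:
        rule = match(payload)
        if rule and rule.action != "allow":
            alerts.append((src, rule.name))
    return alerts

def ips(flows):
    """Inline mode: same detection, but every flow receives a verdict."""
    verdicts = []
    for src, payload in flows:
        rule = match(payload)
        verdicts.append((src, rule.action if rule else "allow"))
    return verdicts

if __name__ == "__main__":
    print("IDS alerts:  ", ids(FLOWS))
    print("IPS verdicts:", ips(FLOWS))
```

In IDS mode the administrator's login appears as an alert that someone has to sort out afterwards; in IPS mode the same match is routed to review instead of being blocked outright.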
