Chapter 12: Evading IDS, Firewall and Honeypots

This document discusses intrusion detection systems (IDS), intrusion prevention systems (IPS), and honeypots. It explains that IDS sensors detect threats but do not prevent them, while IPS sensors can block malicious traffic by inspecting traffic inline. The document also notes that Cisco develops IDS and IPS solutions and that an IPS sensor placed inline can protect a network but may introduce delays or become a single point of failure.

Uploaded by

Karen Garza

Technology Brief
IDS, Firewall and Honeypot Concepts
As awareness of cyber and network security increases day by day, it is very
important to understand the core concepts of the Intrusion Detection/Defense System
(IDS) as well as the Intrusion Prevention System (IPS). IDS and IPS are often confused,
because both are built by multiple vendors and the terminology used to define the
technical concepts is the same. Sometimes the same technology may be used for both
detection and prevention of a threat.
Like other vendors, Cisco has developed a number of solutions for implementing
IDS/IPS to secure the network. The first phase of this section discusses the
different concepts before moving on to the different implementation methodologies.
Intrusion Detection Systems (IDS)
The placement of the sensor within a network is what differentiates the functionality
of an IPS from that of an IDS. When the sensor is placed in line with the network, i.e.,
the common in/out path of a specific network segment terminates on one hardware or
logical interface of the sensor and leaves from a second hardware or logical interface
of the sensor, every single packet is analyzed and passes through the sensor only if it
does not contain anything malicious. By dropping the malicious traffic, the trusted
network or a segment of it can be protected from known threats and attacks. This is the
basic working of an Intrusion Prevention System (IPS). However, the inline installation
and inspection of traffic may result in a slight delay. The IPS may also become a single
point of failure for the whole network. If ‘fail-open’ mode is used, both good and
malicious traffic will be allowed through in case of any kind of failure within the IPS
sensor. Similarly, if ‘fail-close’ mode is configured, all IP traffic will be dropped in
case of the sensor’s failure.

Figure 12-01. In-line Deployment of IPS Sensor
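
The fail-open and fail-close behaviour described above, modeled as an added example (not code from the original chapter or from any vendor's product). The sensor class, the signature markers and the traffic are hypothetical and constructed; the inspection engine is made to stop after three packets so the two failure modes can be compared against a healthy sensor.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed marker strings standing in for a signature set (not real signatures).
SIGNATURES = (b"TEST-SIG-A", b"TEST-SIG-B")

@dataclass
class InlineSensor:
    fail_mode: str                      # "open" or "closed"
    fails_after: Optional[int] = None   # assumption: engine dies after N packets
    seen: int = 0

    def inspect(self, payload: bytes) -> bool:
        """Return True on a signature match; raise if the engine is down."""
        self.seen += 1
        if self.fails_after is not None and self.seen > self.fails_after:
            raise RuntimeError("inspection engine unavailable")
        return any(sig in payload for sig in SIGNATURES)

    def forward(self, payload: bytes) -> bool:
        """Decide whether the packet leaves through the second interface."""
        try:
            return not self.inspect(payload)
        except RuntimeError:
            # fail-open passes everything, fail-close drops everything
            return self.fail_mode == "open"

def run(sensor, traffic):
    """Tally outcomes for (payload, is_malicious) pairs."""
    tally = {"benign_passed": 0, "benign_dropped": 0,
             "malicious_dropped": 0, "malicious_passed": 0}
    for payload, malicious in traffic:
        outcome = "passed" if sensor.forward(payload) else "dropped"
        tally[("malicious_" if malicious else "benign_") + outcome] += 1
    return tally

# Constructed sample traffic: (payload, ground-truth label).
TRAFFIC = [
    (b"GET /index.html", False), (b"GET /a?x=TEST-SIG-A", True),
    (b"GET /about", False),      (b"POST /b TEST-SIG-B", True),
    (b"GET /contact", False),    (b"GET /c?y=TEST-SIG-A", True),
]

def compare():
    return {
        "healthy": run(InlineSensor("closed"), TRAFFIC),
        "fail_open": run(InlineSensor("open", fails_after=3), TRAFFIC),
        "fail_closed": run(InlineSensor("closed", fails_after=3), TRAFFIC),
    }

if __name__ == "__main__":
    for name, tally in compare().items():
        print(name, tally)
```

After the failure point, the fail-open sensor keeps the segment reachable but lets the remaining malicious packets through, while the fail-close sensor blocks them at the cost of dropping legitimate traffic as well.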
