Intrusion Detection Systems

  1. IDS Classification by Deployment Location
    1. Network-Based Intrusion Detection Systems
      1. Architecture and Placement
        1. Network Segment Monitoring
        2. Inline vs. Passive Deployment
        3. Promiscuous Mode Operation
      2. Data Collection Methods
        1. Network TAPs
        2. SPAN Ports
        3. Packet Capture
        4. Flow-Based Monitoring
      3. Monitoring Scope
        1. Perimeter Networks
        2. Internal Network Segments
        3. DMZ Monitoring
        4. Remote Access Points
      4. Advantages and Limitations
        1. Network-Wide Visibility
        2. Encrypted Traffic Challenges
        3. Scalability Considerations
        4. Performance Impact
    2. Host-Based Intrusion Detection Systems
      1. Architecture and Components
        1. Agent-Based Monitoring
        2. Agentless Monitoring
        3. Centralized Management
        4. Distributed Processing
      2. Data Sources and Collection
        1. System Logs
        2. File System Monitoring
        3. Process and Service Monitoring
        4. Registry Monitoring
        5. API Call Monitoring
      3. Deployment Models
        1. Endpoint Agent Installation
        2. Server-Based Deployment
        3. Virtual Machine Monitoring
        4. Container Monitoring
      4. Advantages and Limitations
        1. Deep Host Visibility
        2. Resource Overhead
        3. Management Complexity
        4. Scalability Challenges
    3. Hybrid and Specialized Systems
      1. Application-Based IDS
      2. Database Activity Monitoring
      3. Web Application Monitoring
      4. Wireless Network IDS
      5. Cloud-Based IDS