Network Security and Intrusion Detection

1. Intrusion Detection Systems
  1. IDS Classification
    1. Detection Scope
      1. Network-based IDS
      2. Host-based IDS
      3. Distributed IDS
    2. Detection Method
      1. Signature-based IDS
      2. Anomaly-based IDS
      3. Hybrid IDS
    3. Response Capability
      1. Passive IDS
      2. Active Response IDS
  2. Network-based IDS
    1. NIDS Architecture
      1. Sensor Components
      2. Management Components
      3. Database Components
      4. Console Components
    2. NIDS Deployment
      1. Sensor Placement Strategies
        1. Perimeter Monitoring
        2. Internal Network Monitoring
        3. Critical Asset Monitoring
      2. Network Taps
        1. Active Taps
        2. Passive Taps
        3. Tap Placement Considerations
      3. SPAN Ports
        1. Port Mirroring Configuration
        2. SPAN Port Limitations
        3. Traffic Aggregation
    3. NIDS Data Collection
      1. Packet Capture Methods
      2. Traffic Sampling
      3. Flow-based Monitoring
      4. Protocol Analysis
    4. NIDS Challenges
      1. High-Speed Networks
      2. Encrypted Traffic
      3. Network Segmentation
      4. Scalability Issues
  3. Host-based IDS
    1. HIDS Architecture
      1. Agent-based Architecture
      2. Agentless Architecture
      3. Centralized Management
    2. HIDS Monitoring Capabilities
      1. File Integrity Monitoring
        1. Critical File Monitoring
        2. Registry Monitoring
        3. Configuration Change Detection
      2. Log Analysis
        1. System Log Monitoring
        2. Application Log Monitoring
        3. Security Log Analysis
      3. Process Monitoring
        1. Process Creation Monitoring
        2. Process Behavior Analysis
        3. Memory Analysis
      4. Network Activity Monitoring
        1. Local Network Connections
        2. Port Usage Monitoring
        3. DNS Query Monitoring
    3. HIDS Deployment Considerations
      1. Agent Installation
      2. Resource Impact
      3. Policy Management
      4. Update Management
  4. Specialized IDS Types
    1. Protocol-based IDS
      1. Protocol-specific Analysis
      2. Protocol Anomaly Detection
      3. Deep Protocol Inspection
    2. Application Protocol-based IDS
      1. Web Application Monitoring
      2. Database Activity Monitoring
      3. Email Security Monitoring
    3. Wireless IDS
      1. RF Monitoring
      2. Rogue Access Point Detection
      3. Wireless Attack Detection
    4. Cloud-based IDS
      1. Cloud Service Monitoring
      2. Virtual Machine Monitoring
      3. Container Monitoring
2. IDS Data Sources
  1. Network Traffic Data
    1. Full Packet Capture
      1. Storage Requirements
      2. Retention Policies
      3. Analysis Tools
    2. Packet Headers
      1. Header Field Analysis
      2. Protocol Stack Analysis
    3. Flow Records
      1. NetFlow
      2. sFlow
      3. IPFIX
  2. System and Application Logs
    1. Operating System Logs
      1. Windows Event Logs
      2. Unix/Linux Syslog
      3. Authentication Logs
    2. Application Logs
      1. Web Server Logs
      2. Database Logs
      3. Custom Application Logs
    3. Security Device Logs
      1. Firewall Logs
      2. VPN Logs
      3. Authentication Server Logs
  3. System Call Monitoring
    1. System Call Interception
    2. Behavioral Analysis
    3. Anomaly Detection
  4. File System Monitoring
    1. File Access Monitoring
    2. File Modification Detection
    3. Directory Structure Changes