Information Security IDPS

The document outlines the fundamentals of Information Security, emphasizing the CIA triad: Confidentiality, Integrity, and Availability. It discusses various hacking tools, intrusion detection systems (IDS), and intrusion prevention systems (IPS), highlighting their types, techniques, and challenges. Additionally, it presents case studies on host-based and network-based IDS, focusing on the integration of machine learning for improved detection and reduced false alarms.

Uploaded by Abhishek Shukla

Information Security & IDPS - Exam Notes

Fundamentals of Information Security


Information Security refers to the processes and tools designed to protect sensitive business
information from modification, disruption, destruction, and inspection.
It ensures the confidentiality, integrity, and availability of data.

CIA Triad
CIA stands for Confidentiality, Integrity, and Availability.

- Confidentiality: Ensures that data is not accessed by unauthorized individuals.
- Integrity: Maintains the accuracy and completeness of data.
- Availability: Ensures data is accessible when needed by authorized users.

Different Types of Hacking Tools

1. Port Scanners (e.g., Nmap)
2. Vulnerability Scanners (e.g., Nessus)
3. Password Crackers (e.g., John the Ripper)
4. Packet Sniffers (e.g., Wireshark)
5. Exploitation Tools (e.g., Metasploit)
6. Keyloggers, RATs (Remote Access Tools), Rootkits

Introduction to Intrusion Detection


Intrusion Detection involves monitoring and analyzing computer systems and network traffic to
detect suspicious activities and potential threats.

Intrusion Detection System (IDS)


IDS is a security system that monitors network or system activities for malicious activities or
policy violations and produces reports to a management station.

Intruder
An intruder is any person or program that attempts to gain unauthorized access to a system or
network.

History of Intrusion Detection


The concept started in the 1980s and evolved from simple audit log analysis to sophisticated
AI-based systems capable of real-time monitoring.

Types of IDS
- Host-Based IDS (HIDS): Monitors activities on individual systems.
- Network-Based IDS (NIDS): Monitors network traffic.
- Anomaly-Based IDS: Detects deviations from normal behavior.

Techniques for IDS


- Signature-Based: Detects known threats using patterns.
- Anomaly-Based: Flags deviations from normal behavior.
- Hybrid-Based: Combines both techniques for better accuracy.

Challenges of Intrusion Detection Systems

1. High false positives/negatives
2. Difficulty in detecting unknown attacks
3. Performance overhead
4. Encrypted traffic

Intrusion Prevention System (IPS)


An IPS actively blocks and prevents identified threats in real time, unlike an IDS, which only
detects and alerts.

Types of IPS
- Network-based IPS (NIPS)
- Wireless IPS (WIPS)
- Host-based IPS (HIPS)
- Network Behavior Analysis (NBA)

IPS Process Cycle

1. Monitoring
2. Detection
3. Decision Making
4. Prevention/Blocking
5. Logging and Alerting
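To make the "Techniques for IDS" section and the IPS process cycle above concrete, here is a small added example (not from the original notes): a signature matcher for known attack patterns, a z-score anomaly detector for behaviour that deviates from a learned baseline, a hybrid combiner, and an IPS-style decision step that blocks on signature hits but only alerts on anomalies (where false positives are more likely) and logs every decision. The log lines, baseline counts and signature regexes are all constructed for the example.

```python
import re
import statistics
from collections import Counter
# Constructed sample traffic for one monitoring window (not from the original notes):
# "<source_ip> <request_path>" per line, two attack probes plus one flooding source.
SAMPLE_LOG = "\n".join([
    "10.0.0.5 /index.html",
    "10.0.0.5 /about.html",
    "10.0.0.7 /login?user=admin'%20OR%20'1'='1",
    "10.0.0.9 /index.html",
    "10.0.0.9 /files/../../etc/passwd",
] + ["10.0.0.42 /index.html"] * 30)
# Constructed baseline: requests per source per window seen during normal operation.
BASELINE_COUNTS = [3, 5, 3, 5]
# Signature-based detection: regexes for known attack patterns (constructed here).
SIGNATURES = {
    "sql_injection": re.compile(r"'(?:%20|\s)*OR(?:%20|\s)*'1'='1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

def signature_matches(line):
    """Names of the signatures that fire on a single log line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]

def anomaly_scores(lines, baseline=BASELINE_COUNTS, z_threshold=3.0):
    """Anomaly-based: sources whose request count is > z_threshold std devs above baseline."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # guard against a flat baseline
    counts = Counter(line.split()[0] for line in lines)
    return {ip: (n - mean) / stdev for ip, n in counts.items()
            if (n - mean) / stdev > z_threshold}

def hybrid_detect(log_text, baseline=BASELINE_COUNTS):
    """Hybrid: signatures catch known attacks, anomaly scores catch unknown ones."""
    lines = log_text.splitlines()
    alerts = [{"src": l.split()[0], "type": "signature", "detail": s}
              for l in lines for s in signature_matches(l)]
    alerts += [{"src": ip, "type": "anomaly", "detail": f"z={z:.1f}"}
               for ip, z in anomaly_scores(lines, baseline).items()]
    return alerts

def ips_decide(alerts):
    """IPS decision: block on a signature hit, only alert on an anomaly (false-positive risk)."""
    actions, log = {}, []
    for a in alerts:
        action = "block" if a["type"] == "signature" else "alert"
        if actions.get(a["src"]) != "block":  # never downgrade an earlier block
            actions[a["src"]] = action
        log.append(f"{a['src']} {a['type']}:{a['detail']} -> {action}")
    return actions, log
```

Running `ips_decide(hybrid_detect(SAMPLE_LOG))` blocks the two probing sources and raises an alert for the flooding source, which shows why the decision step, not just detection, determines the false-positive cost of an inline IPS.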

Detection Methods of IPS

1. Signature-Based Detection
2. Anomaly-Based Detection
3. Policy-Based Detection

Comparison of IPS with IDS


- IDS is passive; IPS is active.
- IDS detects and alerts; IPS blocks the attack.
- IPS is placed inline; IDS is out-of-band.

Approaches to Intrusion Detection and Prevention

1. Knowledge-based approach
2. Behavior-based approach
3. Statistical analysis approach
4. Machine learning-based approach

Case Study – Research in Host-Based Intrusion Detection Systems

Studies show that host-based IDS can detect insider threats effectively.
Research is focused on integrating ML for better pattern recognition and anomaly detection.

Case Study – Research in Network-Based Intrusion Detection Systems

NIDS are critical for monitoring large-scale networks.
Ongoing research is improving detection rates using AI and reducing false alarms with context-aware
systems.
