Copyright Goodheart-Willcox Co., Inc. 454 Networking Fundamentals

Figure 15-7 An intrusion prevention system (IPS) actively monitors all packets by detecting unauthorized activity and performing some function to stop the activity. (Diagram labels: Internet, IPS, Client.) Credits: (workstation icon) RedlineVector/Shutterstock.com; (server icon) fullvector/Shutterstock.com; (hub icon) Vadim Ermak/Shutterstock.com; Goodheart-Willcox Publisher

The detection system can be either host-based or network-based. A host-based system is installed on an individual computer, where it monitors and prevents unauthorized activity. Network-based systems monitor and protect the entire network.

Both IDS and IPS can generate false positives. A false positive occurs when a file is detected and incorrectly perceived as harmful to the system. The file is then quarantined or deleted, and a notice is sent to the system administrator. On review, the file is typically found to be a driver update that was downloaded with the intention of being installed automatically, or some other equally harmless file. A perfect IDS/IPS solution does not exist, nor will one likely ever be attained.

Network IDS and IPS typically require some form of port monitoring. Port monitoring is when a particular port on a switch is connected directly to the IDS or IPS and monitors all activity through another port on the same switch. In other words, two ports carry identical packet information. One port is used to carry packets to other parts of the network while the other port (the mirror) analyzes the packets.

Another related security device is a honey pot. A honey pot is a fake system designed to look attractive to an attacker; for example, it may appear to be a financial database. However, all the data contained within it is fake. An intruder who bypasses other security measures will be attracted to this device. When they begin exfiltrating data, two things occur. The first is that all the data is fake, so no harm is done.
The second is that a honey pot is usually configured with extensive monitoring. Often, all of the attacker’s activities are logged and tracked.

Security Methods and Protocols

The two basic building blocks of secure network communication are authentication and encryption. These security methods are supported by security protocols. The concepts presented in this section are critical for a basic understanding of the sophisticated world of network security.

4.6 NET

Figure 15-6 An intrusion detection system (IDS) passively monitors all packets and detects unauthorized activity. It does not prevent unauthorized activity. (Diagram labels: Internet, IDS.) Credits: (workstation icon) RedlineVector/Shutterstock.com; (server icon) fullvector/Shutterstock.com; (hub icon) Vadim Ermak/Shutterstock.com; Goodheart-Willcox Publisher
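
The following Python sketch is an added example, not part of the textbook. It runs the same constructed traffic through a sensor in passive mode (the IDS of Figure 15-6) and in active mode (the IPS of Figure 15-7), and shows a harmless driver update being flagged as a false positive. The signature, addresses, and file names are assumptions made for the illustration.

```python
"""IDS vs. IPS on the same traffic, including a false positive.
Signature, addresses and file names are constructed for illustration."""
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Event:
    src: str
    filename: str
    payload: bytes
    harmful: bool  # ground truth, known only after an administrator's review

# Hypothetical signature: flag any transfer that installs a driver.
SIGNATURES = {"driver-install": b"install-driver"}

EVENTS = [  # constructed sample traffic
    Event("203.0.113.7", "invoice.exe", b"install-driver hidden.sys", True),
    Event("198.51.100.20", "nic_update.exe", b"install-driver nic.sys", False),
    Event("192.0.2.15", "report.pdf", b"%PDF-1.7 quarterly numbers", False),
]

@dataclass
class Sensor:
    mode: str  # "ids": detect and report only; "ips": detect and stop
    alerts: list = field(default_factory=list)
    quarantine: list = field(default_factory=list)

    def inspect(self, ev: Event) -> bool:
        """Return True if the event still reaches its destination."""
        hit = next((n for n, p in SIGNATURES.items() if p in ev.payload), None)
        if hit is None:
            return True
        self.alerts.append((hit, ev))      # notice to the administrator
        if self.mode == "ips":
            self.quarantine.append(ev)     # active response: stop the activity
            return False
        return True                        # passive: traffic is not prevented

def run(mode: str, events=EVENTS):
    """Feed events through a sensor; return it and the delivered file names."""
    sensor = Sensor(mode)
    delivered = [ev.filename for ev in events if sensor.inspect(ev)]
    return sensor, delivered

def false_positives(sensor: Sensor):
    """Alerts that review shows were raised on harmless files."""
    return [ev.filename for _, ev in sensor.alerts if not ev.harmful]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        s, delivered = run(mode)
        print(mode, "delivered:", delivered, "false positives:", false_positives(s))
```

In both modes the driver update raises an alert, but only in IPS mode does the false positive also cost availability, because the harmless file is quarantined along with the harmful one.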