Hunter Nielsen
CET4884
11/15/23
Prof. Yousef
School of Engineering Technology
CET4884: Security Methods and Practice
Assignment 4
There are many IDS and IPS systems that are used at the individual and organizational levels. These systems are very important for protecting our personal information and the company’s information system. Watch the Module lecture, read related course material, and use external resources to answer the following questions:
1. Is the IDS the same as a firewall? Explain the differences.
2. Explain the terms False Positive and False Negative, providing an example for each one of them.
3. The textbook mentioned three IDPS technologies (Network-Based, Wireless, and Host-based), but actually there is a fourth IDPS technology that is called Network Behavior Analysis (NBA). Explain this type of technology, providing the difference between NBA and Network-Based Technology.
4. Should organizations consider using multiple IDPS technologies? Why? Explain in detail and support your argument with external references (note: don’t use Wikipedia as one of your references).
5. Identify some of the methods used to gain knowledge about a specific IDPS product.
Assignment #4
1. An IDS (Intrusion Detection System) and a firewall are similar but play different roles within network security. While a firewall primarily focuses on controlling network traffic by allowing or blocking connections based on predefined rules, an IDS focuses on monitoring and detecting potential security threats or policy violations within the network or system. 1
2. The terms “False Positive” and “False Negative” in this sense refer to the outcomes of security alerts and detections. A false positive is when a system incorrectly identifies legitimate activity as malicious. Basically, it sets off a “false” alarm about something that is fine, such as if you got an error that a connection was lost, but upon a quick refresh there could be no connection issues. On the other hand, a false negative could be more unpleasant. As the name would imply, a false negative is when a system incorrectly recognizes or fails to detect an abnormality or threat. This means the system could potentially overlook malicious problems.
3. Network Behavior Analysis is an IDPS technology that monitors network traffic and analyzes patterns and behaviors to identify deviations from normal network behavior. It establishes a baseline of normal network behavior and employs various techniques, such as statistical analysis, machine learning, and heuristics, to detect anomalies that may indicate security incidents or policy violations. The difference between NBA and Network-Based technology is that NIDS focuses on inspecting network traffic in real time to look for, detect, and prevent intrusions or malicious activity. 2
Different IDPS technologies have varying strengths and weaknesses, such as the different types being Signature-based, Anomaly-based, or Protocol-based. By using multiple technologies, organizations can cover a broader range of threats and attack vectors.
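As an added illustration (not part of the original assignment), the sketch below scores a signature-based detector and an NBA-style baseline detector on the same constructed events, listing the false positives and false negatives for each and for the two combined. The baseline values, events, signature list and the 3-standard-deviation threshold are all assumptions made up for the example.

```python
from statistics import mean, stdev

# Constructed baseline: bytes sent per minute by one host during normal operation.
BASELINE = [980, 1020, 1010, 995, 1005, 990, 1015, 1000, 985, 1000]

# Constructed events to classify: (name, payload, bytes_out, is_malicious)
EVENTS = [
    ("normal browsing", "GET /index.html", 1008, False),
    ("known exploit string", "GET /cgi-bin/test?cmd=/bin/sh", 1002, True),
    ("large backup job", "PUT /backup/nightly.tar", 5200, False),
    ("bulk exfiltration, no known pattern", "POST /upload", 4800, True),
    ("low-volume unknown attack", "POST /api/v2/items", 1011, True),
]

SIGNATURES = ["/bin/sh", "cmd="]  # hypothetical signature list


def signature_alert(payload):
    """Signature-based: alert only when the payload contains a known pattern."""
    return any(sig in payload for sig in SIGNATURES)


def make_nba_alert(baseline, threshold=3.0):
    """NBA-style: alert when volume is more than `threshold` std devs off baseline."""
    mu, sigma = mean(baseline), stdev(baseline)
    return lambda bytes_out: abs(bytes_out - mu) / sigma > threshold


def score(detector):
    """Return (false_positives, false_negatives) as lists of event names."""
    fp = [n for n, p, b, bad in EVENTS if detector(p, b) and not bad]
    fn = [n for n, p, b, bad in EVENTS if not detector(p, b) and bad]
    return fp, fn


nba_alert = make_nba_alert(BASELINE)
DETECTORS = {
    "signature": lambda p, b: signature_alert(p),
    "nba": lambda p, b: nba_alert(b),
    "combined": lambda p, b: signature_alert(p) or nba_alert(b),
}

if __name__ == "__main__":
    for name, det in DETECTORS.items():
        fp, fn = score(det)
        print(f"{name:9s} FP={fp} FN={fn}")
```

Combining the two detectors removes the misses that each one has alone on these events, but the benign backup job still raises a false alarm and the low-volume attack is still missed by both.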
4. In a world that is always changing, it’s best for organizations to have multiple plans and systems in place for security. As DDoS attacks get more severe, as firewalls are broken down, and as hackers learn more, it’s clear that our security must grow with us. By using different IDPS you will strengthen your diverse range of detection techniques and have comprehensive threat coverage to keep things