
QUESTION


Instructions

Write 1 thread of at least 300 words. Then write 1 reply to the thread below of at least 150 words

Research and develop a thread that compares and contrasts Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS). Your thread must include: an introduction statement/paragraph, body paragraph(s), and a conclusion statement/paragraph.

Reply

When setting up a network and putting security measures in place it is important to know what options are available and what they do. Having a basic understanding of security principles and doing some research will create a knowledge base that allows for the development and installment of a layered and effective defense against outsiders that would seek to maliciously interfere with the network. One important aspect of a layered approach to security is the choice to use an intrusion detection system (IDS) or an intrusion protection system (IPS).

Intrusion detection is a process where the events and network traffic within a computer or network are monitored and analyzed to look for possible intrusions (Hung-Jen et al., 2013). An IDS is the hardware or software that automates intrusion detection (Hung-Jen et al., 2013). An IPS goes beyond intrusion detection and provides controls with the capability to block activity that is flagged as malicious (“What is”, 2019). Both an IDS and an IPS use signature-based detection and/or anomaly-based detection to find possible intrusions (Hung-Jen et al., 2013; “What is”, 2019).

Signature-based detection compares network traffic and other activity to known attack patterns and vulnerabilities to find intrusions (“What is”, 2019). Anomaly-based detection samples network traffic and compares the sample to predetermined baselines or profiles to flag any anomalies (Hung-Jen et al., 2013; “What is”, 2019). An IDS will only monitor the network or device to find malicious activity; an IPS will perform control actions once malicious activity is found. These control actions can include alerting administrators, dropping packets, blocking incoming traffic from a specific source or sources, or even restarting a connection (“What is”, 2019).

Ultimately the choice between an IDS and an IPS is determined by three factors: pre-existing security measures, cost, and the desired level of automation. Pre-existing security measures may make a company or individual feel secure and they may not see the need for an IDS or an IPS in addition to what is already in place. With the added features and functionality of an IPS the cost is likely to factor into a decision between an IDS and an IPS because of budgetary restrictions. The desired level of automation is also important to consider; a company or individual may not want to automate controls that deal directly with malicious traffic; they may only want to flag malicious activity and have manual controls in place to handle any incidents further.

1 Corinthians 9:10 (NLT) “…Yes, it was written for us, so that the one who plows and the one who threshes the grain might both expect a share of the harvest.” By this principle, those that invest in security will become more secure. Ecclesiastes 3:12-13 (NKJV) “I know that nothing is better for them than to rejoice, and to do good in their lives, and also that every man should eat and drink and enjoy the good of all his labor—it is the gift of God.”
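An added example, not part of the original post: a minimal Python sketch of the signature-based and anomaly-based detection described in the post above, run once in monitor-only (IDS) mode and once in enforcing (IPS) mode. The signatures, the per-source request baseline, the function name `run_sensor`, and the sample events are all constructed assumptions.

```python
import re
from collections import Counter

# Hypothetical signatures: known-bad request patterns (signature-based detection).
SIGNATURES = [re.compile(r"\.\./"), re.compile(r"(?i)union\s+select")]
# Hypothetical baseline: requests allowed per source in one window (anomaly-based).
BASELINE_MAX = 10

# Constructed sample events (source IP, request line); not real traffic.
EVENTS = (
    [("10.0.0.5", "GET /index.html"),
     ("10.0.0.7", "GET /files?name=../../etc/passwd"),
     ("10.0.0.5", "GET /about.html")]
    + [("10.0.0.9", "GET /login")] * 12
    + [("10.0.0.7", "GET /index.html")]
)

def run_sensor(events, mode):
    """Inspect events in 'ids' (alert only) or 'ips' (alert and block) mode.

    Returns (alerts, forwarded): alerts raised and events allowed through.
    """
    alerts, forwarded = [], []
    blocked, seen = set(), Counter()
    for src, req in events:
        if mode == "ips" and src in blocked:
            continue  # IPS control action: block traffic from a flagged source
        seen[src] += 1
        reason = None
        if any(sig.search(req) for sig in SIGNATURES):
            reason = "signature"   # matched a known attack pattern
        elif seen[src] > BASELINE_MAX:
            reason = "anomaly"     # request volume exceeds the baseline
        if reason:
            alerts.append((src, reason))  # both IDS and IPS alert
            if mode == "ips":
                blocked.add(src)
                continue  # IPS control action: drop the flagged request
        forwarded.append((src, req))  # an IDS never interferes with traffic
    return alerts, forwarded

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = run_sensor(EVENTS, mode)
        print(mode, "alerts:", alerts, "forwarded:", len(forwarded))
```

In IDS mode every event is forwarded and the administrator receives the alerts; in IPS mode the same detections also drop the flagged request and block later traffic from that source.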
