tailieunhanh - Lecture CCNA security partner - Chapter 11: Intrusion Prevention Systems

This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS). It explains the underlying IDS and IPS technology embedded in the Cisco IOS IPS solutions. It describes the use of signatures, the need for IPS alarm monitoring, and the design considerations in deploying IPS.

Intrusion Prevention Systems

This chapter describes the functions and operations of intrusion detection systems (IDS) and intrusion prevention systems (IPS).
• The fundamentals of intrusion prevention, comparing IDS and IPS
• The building blocks of IPS, introducing the underlying technologies and deployment options
• The use of signatures in intrusion prevention, highlighting the benefits and drawbacks
• The need for IPS alarm monitoring, evaluating the options for event managers
• Analyzing the design considerations in deploying IPS

Contents

Introducing IDS and IPS:
• Targeted, mutating, stealth threats are increasingly difficult to detect.
• Attackers have insidious motivations and exploit high-impact targets, often for financial benefit or economic and political reasons
• Attackers are taking advantage of new ways of communication

IDS:
• Analyzes copies of the traffic stream
• Does not slow network traffic
• Allows some malicious traffic into the network

IPS:
• Works inline in real time to monitor Layer 2 through Layer 7 traffic and content
• Needs to be able to handle network traffic
• Prevents malicious traffic from entering the network

IPS Fundamentals

IDS and IPS technologies share several characteristics:
• IDS and IPS technologies are deployed as sensors. An IDS or an IPS sensor can be any of the following devices:
  • A router configured with Cisco IOS IPS Software
  • An appliance specifically designed to provide dedicated IDS or IPS services
  • A network module installed in a Cisco adaptive security appliance, switch, or router
• IDS and IPS technologies typically monitor for malicious activities in two spots:
  • Network:
  • Hosts:
• IDS and IPS technologies use signatures to detect patterns of misuse in network traffic
• IDS and IPS technologies look for the following general patterns of misuse:
  • Atomic pattern
  • Composite pattern

IDS and IPS technologies

Intrusion Detection System

An IDS monitors traffic offline and generates an alert (log) when it .
