Identifying Malicious Traffic on the Network
Sensors can identify malicious traffic in many different ways. This section examines some of the techniques used by IPS and IDS sensors.
When the sensor is analyzing traffic, it looks for malicious traffic based on the rules that are currently in place on that sensor. There are several different methods that sensors can be configured to use to identify malicious traffic, including the following:
Signature-based IPS/IDS
Policy-based IPS/IDS
Anomaly-based IPS/IDS
Reputation-based IPS/IDS
Let’s take ...