Monitoring

Explain intrusion detection.

A key motto of security is “prevention is ideal, but detection is a must.” As long as you have a connection to an untrusted network like the Internet, you will not be able to block every attack. Some attacks will sneak in because, from a business standpoint, you have to allow traffic to flow. Even if you allow only port 80 traffic into a certain system, an attacker can still attack over that port, and your prevention measures (such as firewalls) will let the attack through because they allow Web traffic to that host. Therefore, you need someone or something to detect attacks in a timely manner. This is done by monitoring your systems and network traffic, looking for unusual patterns or things that would be ...
