Chapter 19

Intrusion Detection/Prevention System

The learning goals for this chapter are as follows:

• Understand the physical location, the operational characteristics and the various functions performed by the Intrusion Detection System/Intrusion Prevention System (IDS/IPS)
• Learn the distinctions between Host-based and Network-based IDS/IPS
• Understand the various approaches and functional properties of both the anomaly/behavior-based and signature-based approaches to intrusion detection
• Explore the details of both Network-based and Host-based IDS/IPS
• Learn the function and operation of a Honeypot
• Explore the algorithms that generate signatures for polymorphic and metamorphic worms
• Learn the architectural configuration and protocols that are ...