Cyber Security Monitoring: Intrusion Detection System (IDS)

Published 2022-06-04
Platform Udemy
Rating 4.88
Number of Reviews 9
Number of Students 15
Price $84.99
Instructors
John Rosario
Subjects


In this course, you will learn advanced techniques in Intrusion Detection System (IDS).

Welcome to this course. Intrusion detection systems are used to detect anomalies with the aim of catching attackers before they do real damage to a network. An Intrusion Detection System is a monitoring system that detects suspicious activity and generates alerts when it is observed. Based upon these alerts, a security operations center (SOC) analyst or incident responder can investigate the issue and take the appropriate actions to remediate the threat. IDSes can be either network- or host-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system resides on the network. Intrusion detection systems work either by looking for signatures of known attacks or by looking for deviations from normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and application layer. They can effectively detect events such as Christmas tree scans and Domain Name System (DNS) poisonings. An IDS may be implemented as a software application running on customer hardware or as a network security appliance. Cloud-based intrusion detection systems are also available to protect data and systems in cloud deployments.

In this course, you'll learn

A network intrusion detection system (NIDS)

It is deployed at a strategic point or points within the network, where it can monitor inbound and outbound traffic to and from all the devices on the network.


A host intrusion detection system (HIDS)

It runs on all computers or devices in the network with direct access to both the internet and the enterprise's internal network. A HIDS has an advantage over an NIDS in that it may be able to detect anomalous network packets that originate from inside the organization or malicious traffic that an NIDS has failed to detect. A HIDS may also be able to identify malicious traffic that originates from the host itself, such as when the host has been infected with malware and is attempting to spread to other systems.


A signature-based intrusion detection system (SIDS)

It monitors all the packets traversing the network and compares them against a database of attack signatures or attributes of known malicious threats, much like antivirus software.


An anomaly-based intrusion detection system (AIDS)

It monitors network traffic and compares it against an established baseline to determine what is considered normal for the network with respect to bandwidth, protocols, ports and other devices. This type often uses machine learning to establish a baseline and accompanying security policy. It then alerts IT teams to suspicious activity and policy violations. By detecting threats using a broad model instead of specific signatures and attributes, the anomaly-based detection method improves upon the limitations of signature-based methods, especially in the detection of novel threats.
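To make the contrast between the signature-based and anomaly-based approaches concrete, the following is an added example, not code from the course or its instructor. It runs a tiny signature matcher and a tiny baseline-deviation detector over constructed connection summaries. The record fields, the two signature rules, the per-port byte baseline and the z-score threshold are all assumptions made for the illustration; a production IDS uses far richer features and rule sets.

```python
# Added example (not part of the course listing): a minimal signature-based
# and an anomaly-based detector run over constructed connection records, to
# show how the two IDS approaches reach different conclusions on the same data.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Conn:
    """One summarised connection; every field is a constructed sample value."""
    src: str
    dst: str
    dport: int
    flags: str       # TCP flag letters present, e.g. "S", "SA", "FPU"; "" for UDP
    bytes_out: int


# --- Signature-based detection (SIDS) --------------------------------------
# Each rule is a predicate over a connection, the way a signature database
# describes a known-bad pattern. A "Christmas tree" packet carries FIN, PSH
# and URG together, a combination no normal TCP session produces.
SIGNATURES = {
    "xmas_scan": lambda c: {"F", "P", "U"} <= set(c.flags),
    "telnet_cleartext": lambda c: c.dport == 23,
}


def signature_alerts(conns):
    """Return (rule_name, conn) for every connection matching a known signature."""
    return [(name, c) for c in conns for name, match in SIGNATURES.items() if match(c)]


# --- Anomaly-based detection (AIDS) ----------------------------------------
def build_baseline(conns):
    """Learn, per destination port, the mean and spread of bytes sent during a
    period assumed to be clean. This is the 'normal' model the text refers to."""
    by_port = defaultdict(list)
    for c in conns:
        by_port[c.dport].append(c.bytes_out)
    return {port: (mean(v), pstdev(v)) for port, v in by_port.items()}


def anomaly_alerts(conns, baseline, z_threshold=3.0):
    """Flag connections to ports never seen in the baseline, and connections whose
    volume lies more than z_threshold standard deviations from the port's norm."""
    alerts = []
    for c in conns:
        if c.dport not in baseline:
            alerts.append(("unseen_port", c))
            continue
        mu, sigma = baseline[c.dport]
        # A constant baseline has sigma == 0; any change from it is then an outlier.
        outlier = (c.bytes_out != mu) if sigma == 0 else abs(c.bytes_out - mu) / sigma > z_threshold
        if outlier:
            alerts.append(("volume_outlier", c))
    return alerts


# Constructed sample traffic (not real captures); addresses are private or
# documentation ranges.
BASELINE_TRAFFIC = [
    Conn("10.0.0.5", "10.0.0.20", 443, "S", 1200),
    Conn("10.0.0.6", "10.0.0.20", 443, "S", 1500),
    Conn("10.0.0.7", "10.0.0.20", 443, "S", 900),
    Conn("10.0.0.8", "10.0.0.20", 443, "S", 1300),
    Conn("10.0.0.9", "10.0.0.20", 443, "S", 1100),
    Conn("10.0.0.5", "10.0.0.53", 53, "", 80),
    Conn("10.0.0.6", "10.0.0.53", 53, "", 70),
    Conn("10.0.0.7", "10.0.0.53", 53, "", 90),
    Conn("10.0.0.8", "10.0.0.53", 53, "", 60),
    Conn("10.0.0.9", "10.0.0.53", 53, "", 85),
]

OBSERVED_TRAFFIC = [
    Conn("10.0.0.5", "10.0.0.20", 443, "S", 1250),     # ordinary HTTPS
    Conn("10.0.0.7", "10.0.0.53", 53, "", 75),         # ordinary DNS
    Conn("203.0.113.9", "10.0.0.20", 443, "FPU", 40),  # Christmas tree probe
    Conn("10.0.0.9", "198.51.100.4", 4444, "S", 900),  # port never seen in baseline
    Conn("10.0.0.5", "10.0.0.53", 53, "", 600),        # DNS volume far above normal
    Conn("10.0.0.11", "10.0.0.30", 23, "S", 300),      # cleartext Telnet
]

BASELINE = build_baseline(BASELINE_TRAFFIC)

if __name__ == "__main__":
    for rule, c in signature_alerts(OBSERVED_TRAFFIC):
        print(f"SIDS {rule:16} {c.src} -> {c.dst}:{c.dport}")
    for rule, c in anomaly_alerts(OBSERVED_TRAFFIC, BASELINE):
        print(f"AIDS {rule:16} {c.src} -> {c.dst}:{c.dport}")
```

Running it shows the trade-off the text describes: the signature rules name the Christmas tree probe and the Telnet session precisely but say nothing about the connection to port 4444, which matches no rule, while the baseline model flags that unseen port and the oversized DNS exchange without being able to say what they are. The probe is caught by both, but the anomaly detector only reports it as a volume outlier, which is why the two methods are usually run together.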
