In this session we learned about network intrusion detection and analysis.
NIDS: Network-Based Intrusion Detection System, used to detect anomalies or suspicious behavior in our personal network.
HIDS: Host-Based Intrusion Detection System
NIPS: Network-Based Intrusion Prevention System, used to prevent any attack that the system recognizes (e.g. ransomware).
Types of IDS:
- Commercial:
  - Check Point IPS Software Blade
  - Next-Generation Intrusion Prevention System (NGIPS)
  - Extreme NIPS
  - TippingPoint IPS
- Open-Source:
  - NIDS:
    - Snort
    - Bro
    - Suricata
    - Sagan
  - HIDS:
    - OSSEC
    - Fail2Ban
    - AIDE
    - Samhain
- NIDS: