Timestamp: 15:44:01, October 13, 2020
Preliminary summary: IDS and IPS concepts, classification, and evaluation standards
IDS is the abbreviation of "Intrusion Detection System".
In the industry, it means monitoring the running state of the network and its systems with software and hardware, in accordance with a defined security policy,
so as to discover as far as possible all attack attempts, attack behaviors, or attack results, and thereby ensure the
confidentiality, integrity and availability of network system resources. An image metaphor: if the firewall is the door lock of a building, then
IDS is the surveillance system inside that building. Once a thief climbs in through a window, or an insider has crossed the line,
only the real-time monitoring system can detect the situation and issue a warning.
PS: IDS is equivalent to the surveillance camera and the firewall to the lock; IPS is the security guard, while IDS only detects and raises the alarm.
The origin of IDS
PS: network-based IDS and host-based IDS; related mirror-port operations.
Development trends: intelligent and distributed IDS.
Principles of intrusion detection
PS: before and after an incident: disconnect, collect evidence, and carry out data recovery.
-- General model of intrusion detection
Classification of intrusion detection by information source: network-based (the type used in practice) and host-based.
PS: classification by information source; suitable where there are fewer hosts and fewer monitoring points, and uses fewer resources.
PS: detection is based on feature (signature) comparison.
Section 58:
Intrusion detection process
2) Match the network packet header
3) Perform data analysis
Judgment of abnormal situations
Analysis methods: pattern matching, statistical analysis, integrity analysis
Section 60: IDS performance indicators and evaluation criteria
Device performance must match the corresponding data sources.
Evaluation indicators: false negatives and false positives (what distinguishes a good product)
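The detection process and the two evaluation indicators above can be made concrete in a few dozen lines. The following is an added example, not part of the original notes or of any IDS product: it runs the three analysis methods named in the notes (pattern matching on packet header fields, statistical analysis of SYN rates, integrity analysis of file hashes) over constructed traffic, then scores the alerts against constructed ground-truth labels to obtain a false-negative rate and a false-positive rate. The signature table, the rate threshold, the addresses and the file paths are all assumptions chosen for the illustration.

```python
"""Added illustration of the notes' detection process and evaluation indicators.

All packets, signatures, thresholds and file contents below are constructed
for the example; they do not come from a real product or a real capture.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: str   # TCP flags, e.g. "S" (SYN) or "SA" (SYN-ACK)
    label: bool  # constructed ground truth: True if part of an attack


# Constructed signature rules on header fields: (destination port, flags).
SIGNATURES = {
    (23, "S"): "telnet-connect-attempt",
    (4444, "SA"): "unexpected-high-port-reply",
}

RATE_THRESHOLD = 5  # SYNs from a single source before the scan heuristic fires


def pattern_match(packets):
    """Pattern matching: compare each packet header against the signature table."""
    return {i for i, p in enumerate(packets) if (p.dport, p.flags) in SIGNATURES}


def statistical_analysis(packets, threshold=RATE_THRESHOLD):
    """Statistical analysis: flag every SYN from a source whose SYN count is above baseline."""
    syn_count = Counter(p.src for p in packets if p.flags == "S")
    noisy = {src for src, n in syn_count.items() if n >= threshold}
    return {i for i, p in enumerate(packets) if p.src in noisy and p.flags == "S"}


def integrity_analysis(baseline, current):
    """Integrity analysis: report files whose SHA-256 no longer matches the recorded baseline."""
    return [path for path, data in current.items()
            if baseline.get(path) != hashlib.sha256(data).hexdigest()]


def evaluate(packets, alerts):
    """False-negative rate = missed attacks / attacks; false-positive rate = spurious alerts / benign."""
    attack = {i for i, p in enumerate(packets) if p.label}
    benign = {i for i, p in enumerate(packets) if not p.label}
    return {
        "false_negative_rate": len(attack - alerts) / len(attack) if attack else 0.0,
        "false_positive_rate": len(alerts & benign) / len(benign) if benign else 0.0,
    }


def run_demo():
    """Constructed traffic: a SYN sweep, a telnet probe, one slow probe that evades the
    rate heuristic, benign web traffic, and a legitimate admin telnet that trips a signature."""
    packets = [Packet("10.0.0.9", "10.0.0.1", port, "S", True) for port in range(1, 7)]
    packets.append(Packet("10.0.0.9", "10.0.0.2", 23, "S", True))      # caught by signature + rate
    packets.append(Packet("10.0.0.77", "10.0.0.2", 3389, "S", True))   # single SYN: false negative
    packets += [
        Packet("10.0.0.5", "10.0.0.1", 443, "S", False),
        Packet("10.0.0.1", "10.0.0.5", 443, "SA", False),
        Packet("10.0.0.6", "10.0.0.1", 80, "S", False),
        Packet("10.0.0.3", "10.0.0.2", 23, "S", False),                # admin telnet: false positive
    ]
    alerts = pattern_match(packets) | statistical_analysis(packets)
    return evaluate(packets, alerts)


def integrity_demo():
    """Constructed baseline vs. current file contents; the config file was altered."""
    baseline = {
        "conf/app.cfg": hashlib.sha256(b"debug=false\n").hexdigest(),
        "bin/service": hashlib.sha256(b"\x7fELF-constructed").hexdigest(),
    }
    current = {
        "conf/app.cfg": b"debug=true\n",
        "bin/service": b"\x7fELF-constructed",
    }
    return integrity_analysis(baseline, current)


if __name__ == "__main__":
    print(run_demo())        # expected {'false_negative_rate': 0.125, 'false_positive_rate': 0.25}
    print(integrity_demo())  # expected ['conf/app.cfg']
```

The two rates move in opposite directions when the threshold or the signature table is tuned: lowering RATE_THRESHOLD would catch the single slow probe but would start flagging ordinary clients, which is exactly the trade-off the evaluation indicators are meant to expose.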
Section 60: IPS---Intrusion Prevention System
Section 61:
PS: how to evaluate an intrusion prevention system