Detection

• Intrusion Detection/Prevention (IDS/IPS)

  • Monitors for broader range of attacks

  • "Real time"

  • Can block attacks (IPS)

  • Prone to false alarms (false positives)

  • Relatively expensive

  • Network (NIPS) and Host (HIPS) based

    • Network: appliance

    • Host: software, may include integrity checking

  • Good supplement for firewall