464
Looking at Security Devices
There are two main types of intrusion detection systems:

Host-based IDS: This is typically software installed on the system that monitors activity on that one system. If suspicious activity is found on the system, an alert is generated and the administrator is notified.

Network-based IDS: Monitors network traffic and identifies suspicious traffic on the entire network, not just one system! The network-based IDS captures network traffic and then compares it with signatures in the IDS software; the signatures describe what type of traffic is considered suspicious.
What action the IDS takes when suspicious activity is found depends on what class of intrusion detection system we are talking about. There are two major classes of intrusion detection systems:

Passive IDS: A passive IDS logs suspicious activity to a file and could send an alert to the administrator if alerts have been configured. A passive IDS is normally referred to as just an IDS.

Active IDS: An active IDS logs the suspicious activity, sends an alert to the administrator, and also takes corrective action such as preventing the system that is creating the suspicious activity from further accessing the network.

An active IDS is now known as an intrusion prevention system (IPS).
For the CCENT exam, ensure that you are familiar with the purpose of an intrusion detection system. Also, know the difference between an IDS and an IPS.
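To make the passive/active distinction concrete, here is a small signature-based sensor written for this section (an added example, not code from the book): the same signature comparison runs in both modes, but only the active mode (IPS) cuts the offending host off. The signatures, the traffic records and the addresses are all constructed for the illustration.

```python
"""Toy signature-based IDS/IPS (constructed example, not from the book).

A traffic record is a dict with src, dst, dport and payload. Signatures are
predicates over a record; a match means the traffic is considered suspicious.
"""
from dataclasses import dataclass, field

# Constructed signatures: name -> predicate that flags suspicious traffic.
SIGNATURES = {
    "telnet-login-attempt": lambda p: p["dport"] == 23 and b"login:" in p["payload"],
    "shell-command-in-payload": lambda p: b"/bin/sh" in p["payload"],
}

@dataclass
class SignatureIDS:
    active: bool = False                        # False: passive IDS, True: IPS
    log: list = field(default_factory=list)     # what a passive IDS writes to file
    alerts: list = field(default_factory=list)  # notifications to the administrator
    blocked: set = field(default_factory=set)   # hosts an IPS has cut off

    def inspect(self, pkt):
        """Compare one record against all signatures; return 'forward' or 'drop'."""
        # An active IDS keeps a host it has already cut off away from the network.
        if pkt["src"] in self.blocked:
            return "drop"
        matched = [name for name, rule in SIGNATURES.items() if rule(pkt)]
        if not matched:
            return "forward"
        # Both classes log the suspicious activity and alert the administrator.
        self.log.append((pkt["src"], pkt["dst"], matched))
        self.alerts.append(f"{pkt['src']} -> {pkt['dst']}: {', '.join(matched)}")
        if not self.active:
            return "forward"        # passive: observe only, traffic still flows
        # Active: corrective action, the offending host loses network access.
        self.blocked.add(pkt["src"])
        return "drop"

def run(traffic, active):
    """Feed constructed traffic through one sensor; return (verdicts, sensor)."""
    sensor = SignatureIDS(active=active)
    return [sensor.inspect(p) for p in traffic], sensor

# Constructed sample traffic: a benign web request, a suspicious Telnet login,
# then more (benign) traffic from the same suspicious host.
TRAFFIC = [
    {"src": "10.0.0.7", "dst": "10.0.0.1", "dport": 80, "payload": b"GET / HTTP/1.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "dport": 23, "payload": b"login: admin"},
    {"src": "10.0.0.5", "dst": "10.0.0.1", "dport": 80, "payload": b"GET / HTTP/1.1"},
]

if __name__ == "__main__":
    for mode in (False, True):
        verdicts, sensor = run(TRAFFIC, active=mode)
        print("IPS" if mode else "IDS", verdicts, sensor.alerts, sorted(sensor.blocked))
```

Running it shows the passive sensor forwarding all three records while alerting once, and the active sensor dropping the Telnet login and every later record from that host.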
Switches
I know we talk about switches in detail within Book III, Chapters 3 and 4, but I want to make sure that I mention switches here as a security device because switches have some great features that help protect a network environment. The following are some security features to remember about a switch:

Filtered traffic: The purpose of a switch is to filter traffic by sending each frame only to the switch port to which the frame's destination MAC address is connected. This aids in security, as someone else connected to the switch cannot easily run a packet sniffer and see all traffic on the network. Because the traffic is not sent to the port of the person doing the sniffing, there is no opportunity for that person to capture and view network traffic.

Port security: Port security is the feature on a switch that allows you to limit which systems can connect to which ports on the switch. With port security, you associate the MAC address of a system with the port, and no other system can connect to that port.