Types Of Detection CCNP
1.1.1 Types Of Detection
1.1.1.1 Signature Detection
Protecting the network against known attacks. Attackers often attack networks with tried and tested techniques reused from previously successful methods. These threats have been analyzed by network security engineers, and a profile, or specific signature, has been created for each. Signature detection methods examine the network by looking for the threat's fingerprint inside the network traffic and matching it against an internal database of known attacks. Once an attack signature is matched, the security device delivers an attack response, mostly in the form of a simple alarm or alert.
Success in preventing these threats depends on an up-to-the-minute database of attack signatures, compiled from previous records. The drawback of systems based on signature detection is clear: they can only detect threats for which a signature has been defined. If only signature detection methods are employed to protect a network, the network is protected against known attacks alone.
1.1.1.2 Anomaly Detection
Protecting against unknown attacks.
Anomaly detection techniques are required when attackers discover new security weaknesses and rush to exploit them; at that point no threat signature exists yet. Code Red, for example, could not be detected through an existing signature. To identify these first strikes, an IDS can use anomaly detection methods, in which network traffic is compared with a baseline to recognize irregular and harmful behavior. These anomaly methods look for statistical abnormalities in the data, as well as protocol anomalies and unusual application activity.
1.1.1.3 Denial of Service (DoS) Detection
Protecting against network and system overload.
DoS and Distributed DoS (DDoS) attacks deny legitimate users access to critical network services. Attackers achieve this by launching attacks that consume network bandwidth, host processing cycles, or other network resources. DoS attacks have caused some of the biggest brands to let down users and investors as their Web sites became unreachable to users and partners, sometimes for up to a whole day. IDS products often compare current traffic activity with acceptable normal activity to detect DoS attacks, where normal traffic is characterized by a set of pre-programmed thresholds. This can lead to attacks being missed when the attack traffic stays below the threshold.
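As an added illustration (not part of the original notes), the following Python sketch runs the three detection types over a few constructed traffic records; the signature pattern, baseline figures and thresholds are hypothetical. It also shows the caveat from the DoS paragraph: a flood that stays below the pre-programmed threshold is missed, while the baseline-based anomaly check still flags it.

```python
import re
from statistics import mean, pstdev

# Constructed sample records: (source address, requests per second, request line).
RECORDS = [
    ("10.0.0.5", 12, "GET /index.html"),
    ("10.0.0.6", 15, "GET /images/logo.png"),
    ("10.0.0.7", 11, "POST /login"),
    ("10.0.0.8", 14, "GET /about"),
    ("198.51.100.9", 13, "GET /default.ida?NNNNNNNNNNNNNNNN"),  # matches a stored signature
    ("203.0.113.4", 400, "GET /"),  # far above baseline, but below the DoS threshold
]

# Constructed signature database (hypothetical name and pattern).
SIGNATURES = {"ida-probe": re.compile(r"/default\.ida\?N{8,}")}

# Constructed baseline: requests/second per source measured during normal operation.
BASELINE = [12, 15, 11, 14, 13, 12, 14, 13]


def signature_detect(records):
    """Signature detection: flag records whose request line matches a known fingerprint."""
    return [(src, name) for src, _, line in records
            for name, pat in SIGNATURES.items() if pat.search(line)]


def anomaly_detect(records, baseline, k=3.0):
    """Anomaly detection: flag sources whose rate is more than k standard
    deviations above the baseline mean (no signature needed)."""
    mu, sigma = mean(baseline), pstdev(baseline)
    limit = mu + k * max(sigma, 1e-9)  # guard: a flat baseline still yields a limit
    return [src for src, rate, _ in records if rate > limit]


def dos_detect(records, threshold):
    """DoS detection with a pre-programmed threshold: flag sources at or above it."""
    return [src for src, rate, _ in records if rate >= threshold]


if __name__ == "__main__":
    print("signature :", signature_detect(RECORDS))
    print("anomaly   :", anomaly_detect(RECORDS, BASELINE))
    print("dos@1000  :", dos_detect(RECORDS, 1000))  # flood below threshold is missed
    print("dos@300   :", dos_detect(RECORDS, 300))
```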