Ashford University Week 3 Intrusion Detection System Discussion

Description

Discussion: Due Jul/15

Intrusion detection systems have fundamental flaws in their designs and functionalities. Intrusion detection does not necessarily prevent intrusions. As more organizations encrypt traffic, it becomes increasingly difficult to track intrusions because IDSs have no capabilities to examine encrypted traffic and are, therefore, unable to recognize problems and create alerts. Engineers rely heavily on IDSs to fight hackers. If configured improperly, the IDS will generate false positive alerts, which can be disastrous to the organization. Too many alerts can cause security administrators to become complacent and overlook important events. Several studies have shown that detections of negative security events can take over six months.

In this discussion, you are going to look at the role of IDSs in protecting digital assets. Research a minimum of three industry publications (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], Internet Engineering Taskforce [IETF], etc.) on this topic. Address the differences and similarities between IDS and intrusion protection systems (IPS). Explain some of the difficulties associated with configuring and maintaining IDSs, given the changing pattern of traffic on networks. Considering these issues, explain why organizations rely heavily on IDSs, even though they do not prevent hackers from penetrating an infrastructure. Support your statements with evidence from your sources.

Your initial post should be a minimum of 250 words.

Assignment: Due Jul/19

Prior to beginning work on this assignment, please read Chapter 21 in the textbook as well as Chapter 2: Intrusion Detection and Prevention Principles from the NIST Guide to Intrusion Detection and Prevention System (IDPS).

Intrusion detection systems (IDSs) are network appliances that detect inappropriate, incorrect and disrupting activities on the network. They provide administrators with visibility into the network. Traditionally, these devices have been placed between the border router and the firewalls. This architecture has undergone significant changes in recent years because of the changing nature of malware. Organizations are having to deploy multiple IDSs across the network to detect abnormal activities on infrastructure.

Research a minimum of two industry resources (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], and Internet Engineering Taskforce [IETF], etc.) on this topic. (Access the MISM Credible Resource Guide for assistance with finding appropriate credible professional resources.) Use your findings to differentiate between the different types of intrusion detection systems and explain their uses. Describe optimum locations for IDS on a corporate TCP/IP network and explain how IDSs can be used to complement firewalls.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Intrusion Detection Systems
Today, most organizations have adopted technology in their operations, which has increased their risk of experiencing cyber-attacks. As such, organizations are increasingly taking measures aimed at mitigating cyber-attacks. In particular, organizations are increasingly adopting the use of Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) to secure their systems and network from attack (Liang & Ma, 2021). One of the similarities between IDS and IPS is that they are both software and devices used to help protect systems from cyber threats. However, one of the differences between IDS and IPS is that IDS helps detect malicious activity, unusual activity, or policy violations and raises the alarm in real-time. In contrast, IPS helps prevent unusual activity and policy violations (Liang & Ma, 2021). Another difference between IDS and IPS is that IDS requires human intervention to work, while IPS does not require human intervention because it can function automatically.

Today, organizations are increasingly finding the configuration and maintenance of IDSs very challenging. One of the reasons why configuration and maintenance of the IDS and IPS are problematic is because illegal hackers are continuously finding new ways of exploiting system vulnerabilities to carry out cyber-crime. As a result, using IDS does not effectively protect systems from attack. Another difficulty associated with configuring and maintaining IDS is that it detects many activities that can be considered unusual and sends the information to an operator. The operator may receive so many notifications that do not call for severe interventions, making them complacent. As such, they may fail to notice incidents when the threat is serious, which puts systems in great danger.

Even though IDSs do not effectively help in preventing...

