Approaches to Intrusion Prevention

Signature Based

Although Cisco uses a blend of detection and prevention technologies, signature-based IPS is the primary tool in Cisco IPS solutions. Cisco releases signatures that are added to the device; each signature identifies a pattern that the most common attacks present. This approach is much less prone to false positives and ensures that the IPS devices stop common threats. It is also called pattern matching. As new types of attacks are created, signatures can be added, tuned, and updated to deal with them.

Anomaly Based

This type of intrusion prevention technology is often called profile based. It attempts to discover activity that deviates from what an engineer defines as “normal.” Because it can be so difficult to define what is normal activity for a given network, this approach tends to be prone to a high number of false positives.
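The two approaches side by side, as an added example that is not from the book or from Cisco: a pattern-matching check and a profile of "normal" request rates, both run over constructed traffic. The signature patterns, the baseline, the sample requests, and the 3-standard-deviation threshold are all assumptions chosen for illustration.

```python
import re
from statistics import mean, stdev

# Constructed signatures (illustrative only, not Cisco signature definitions).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union-select": re.compile(r"union\s+select", re.IGNORECASE),
}

def signature_alerts(request):
    """Signature based: return the names of all patterns found in the request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

class RateProfile:
    """Anomaly (profile) based: 'normal' is a requests-per-minute baseline."""
    def __init__(self, baseline, k=3.0):
        self.mu = mean(baseline)
        self.sigma = stdev(baseline)
        self.k = k  # assumed threshold: k standard deviations from the mean

    def is_anomalous(self, rate):
        return abs(rate - self.mu) > self.k * self.sigma

# Constructed baseline: requests per minute observed during a quiet period.
BASELINE = [18, 22, 20, 19, 21, 23, 17, 20]

# Constructed traffic: (description, request line, requests per minute).
TRAFFIC = [
    ("routine page view", "GET /index.html HTTP/1.1", 20),
    ("traversal attempt at normal rate", "GET /../../etc/passwd HTTP/1.1", 21),
    ("benign burst after a newsletter", "GET /release-notes.html HTTP/1.1", 90),
]

def evaluate(traffic=TRAFFIC, baseline=BASELINE):
    """Return (description, signature hits, anomaly flag) for each sample."""
    profile = RateProfile(baseline)
    return [(label, signature_alerts(req), profile.is_anomalous(rate))
            for label, req, rate in traffic]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The third sample is the false positive the anomaly-based paragraph describes: benign traffic is flagged only because it deviates from the defined normal, while the signature check stays silent on it.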


  
