Intrusion detection systems have fundamental flaws in their designs and functionalities. Intrusion detection does not necessarily prevent intrusions. As more organizations encrypt traffic, it becomes increasingly difficult to track intrusions because IDSs have no capabilities to examine encrypted traffic and are, therefore, unable to recognize problems and create alerts. Engineers rely heavily on IDSs to fight hackers. If configured improperly, the IDS will generate false positive alerts, which can be disastrous to the organization. Too many alerts can cause security administrators to become complacent and overlook important events. Several studies have shown that detections of negative security events can take over six months.
In this discussion, you are going to look at the role of IDSs in protecting digital assets. Research a minimum of three industry publications (e.g., National Institute for Standards & Technology [NIST], Institute of Electrical and Electronic Engineers [IEEE], Internet Engineering Taskforce [IETF], etc.) on this topic. Address the differences and similarities between IDS and intrusion protection systems (IPS). Explain some of the difficulties associated with configuring and maintaining IDSs, given the changing pattern of traffic on networks. Considering these issues, explain why organizations rely heavily on IDSs, even though they do not prevent hackers from penetrating an infrastructure. Support your statements with evidence from your sources.
Recent Comments