IDS and IPS
farmerdave
11-20-2007, 08:39 PM
Having just taken the 640-802 exam this week, may I suggest that you include in a future release of this chapter a brief discussion concerning IDS (Intrusion Detection Systems) and IPS (Intrusion Protection Systems), particularly as they relate to security appliances.
Thanks!
Dave
lammle
11-24-2007, 02:23 PM
I agree. A brief description of IDS and IPS is needed in the Security chapter.
I will add a blurb here.
Cheers!
Todd Lammle
Discover Cisco
12-01-2007, 02:58 PM
For those who have no clue on IDS and IPS, here is a quick guide.
IDS and IPS are used by Internet Service Providers (ISPs) to prevent intrusions into their network.
IDS (Intrusion Detection System)
- REACTIVE in detecting intrusions
- DOES NOT stop traffic from passing to destination, but REACTS to detected activity.
- Is software based
- Passively listens to network traffic
- When it detects malicious traffic, it sends an alert to a preconfigured workstation.
- Usually used outside the firewall, on an untrusted network
IPS (Intrusion Prevention System)
- PROACTIVE in detecting intrusions
- Blocks all suspicious activity in real time
- Sends alert message to preconfigured station when it detects malicious traffic.
- Is a detection appliance, NOT software based
- Examines entire data in a packet from Data Layer to Application Layer (Layers 2 to 7).
gizmo24
02-26-2009, 06:01 AM
I agree. A brief description of IDS and IPS is needed in the Security chapter.
I will add a blurb here.
Cheers!
Todd Lammle
Can you post the text of the blurb so that those with earlier printings of the book can manually update their copies?
Thanks
lildeezul
02-26-2009, 10:45 AM
My next post in the ISCW will be discussing IDS and IPS. Please look forward to reading my post. Thanks
lammle
03-14-2009, 03:18 PM
Thanks, DC, for posting your info. Here is more info too:
• IDS
An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses and worms).
• IPS
An intrusion prevention system is a computer security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.
AlDev
06-05-2011, 01:07 PM
IPS and IDS are really one product in today's world. If you have it in IPS it will block; if you have the solution in IDS it will just monitor and log. Basically IPS/IDS is used to block attacks against vulnerabilities in your network or computer system. IPS/IDS comes in the form of a network appliance or software you can install on the system itself.
Here is a list of IPS/IDS products (http://jafsec.com/Intrusion-Prevention/Intrusion-Prevention-Detection-A-B.html)
Also here is a good page on IDS and IPS (http://www.internet-computer-security.com/Firewall/IPS.html)
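
The distinction made in the posts above (same detection, different response: IDS alerts and lets traffic through, IPS sits in-line and drops the offending packets while other traffic passes), as an added example that is not part of the original thread. The signatures, packet fields, addresses and function names are constructed for illustration and do not come from any real product or rule set.

```python
import re
from collections import namedtuple

# Constructed packet model: only the fields this example needs.
Packet = namedtuple("Packet", "src dst payload")

# Constructed signatures (assumption: simple payload regexes stand in
# for a real rule language).
SIGNATURES = [
    ("SQLI-UNION-SELECT", re.compile(rb"union\s+select", re.I)),
    ("PATH-TRAVERSAL", re.compile(rb"\.\./\.\./")),
]

def match(packet):
    """Return the name of the first signature the payload matches, else None."""
    for name, pattern in SIGNATURES:
        if pattern.search(packet.payload):
            return name
    return None

def inspect(packets, mode):
    """Run one detection engine in 'ids' (passive) or 'ips' (in-line) mode.

    Returns (forwarded, alerts). Detection is identical in both modes;
    only the response to a match differs.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, alerts = [], []
    for pkt in packets:
        sig = match(pkt)
        if sig is None:
            forwarded.append(pkt)      # clean traffic always passes
            continue
        action = "drop" if mode == "ips" else "pass"
        alerts.append({"sig": sig, "src": pkt.src, "dst": pkt.dst, "action": action})
        if mode == "ids":
            forwarded.append(pkt)      # IDS only alerts; the packet still arrives
    return forwarded, alerts

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.9", "192.0.2.10", b"GET /item?id=1 UNION SELECT 1"),
    Packet("198.51.100.9", "192.0.2.10", b"GET /../../etc/passwd HTTP/1.1"),
    Packet("198.51.100.8", "192.0.2.10", b"GET /about.html HTTP/1.1"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        fwd, alerts = inspect(SAMPLE, mode)
        print(mode, "forwarded:", len(fwd), "alerts:", [a["sig"] for a in alerts])
```

In IDS mode the alert is the only outcome, so someone has to act on it; in IPS mode a false-positive signature blocks legitimate traffic, which is why new signatures are commonly run in alert-only mode first.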