Network Design for Intrusion Protection
Intrusion detection is the identification of unauthorized use, misuse and attacks on information systems. An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. In this course we will first learn about the Internet and intranets, public and private security zones, and firewalls and the types of firewalls. From there we will define networks and the types of networks, including the flat network, public Internet, VLANs, SD-WAN and MPLS, and leased lines.
Any malicious activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms. In this course we will start to understand the dangers, including the bad guys, botnets and crime gangs, nation states, hacktivists, and script kiddies. Next we will define defense in depth, including the layered approach, and learn about what can happen and how to prevent it using a prophylactic approach.