Part V — Cybersecurity Controls

Chapter 12

Intrusion Detection and Prevention Systems

Domain 5 Lab 6

📖 Key Topics Covered

  • Intrusion Detection and Prevention Systems
  • Distinguish between NIDS and HIDS
  • Describe common IDS/IPS tools including Snort and Suricata
  • Intrusion Detection Systems (IDS)
  • IDS Types (what it monitors):
    – NIDS (Network-based): network traffic; sees traffic between
    – HIDS (Host-based): on individual hosts; system logs, file
  • Detection Methods (how it works): compares traffic/activity

🔑 Key Terms

  • Intrusion Detection System (IDS): passive (detect and alert)
  • Intrusion Prevention System (IPS): active (detect, alert, AND block)
  • Suricata

See the full definitions in the Glossary and test yourself with Flashcards.

Assessment Tips

💡 Assessment Tip

Understand the difference between IDS (passive—detect and alert) and IPS (active—detect, alert, AND block). Know that signature‐based detection is effective against known threats but cannot detect zero‐day attacks, while anomaly‐based detection can d

🧪 Hands-On Lab

This chapter includes Lab 6 in Appendix E.