The next lesson in CompTIA Security+ talks about the different types of reports, IDS, IPS and honeypots. This one is a little shorter than usual.
No matter how secure something is, security incidents will always happen. And they must be reported!
In order to evaluate the security (and thus report on it) you'll need some kind of baseline, which represents a secure state. Not just the current state, but how it addresses specific compliance issues. Statistics such as normal traffic flow are also a good idea to include, since they are helpful for identifying DoS attacks.
You should also do regular checks and audits on the system.
Different types of Reports
Alarms: An indication of an ongoing, current problem. These are conditions to which you have to respond right now. Think of a siren going off when someone kicks in the door at home.
Alerts: Issues to which you need to pay attention but which are not about to bring the system down at any moment. Many anti-virus products provide alert services when an attack is found.
Trends: Trends in threats, e.g. there were more email-based phishing attempts in the last month than in previous months. Seeing trends allows you to take action before a major issue occurs.
IDS vs IPS
Intrusion detection systems and intrusion prevention systems might sound kinda similar, but they have a major difference: the first one just detects intrusions, while the other one helps prevent them. (Mind = Blown)
A less clear-cut approach is a honeypot.
Honeypots are used to lure an attacker. Just imagine Winnie the Pooh getting stuck in a honey pot because he had to eat again. The same happens to the attacker we lure into our honeypot.
They attack a purposely vulnerable machine we set up, and we can track them down.