systems have fundamental flaws in their designs and
functionalities. Intrusion detection does not necessarily prevent
intrusions. As more organizations encrypt traffic, it becomes
increasingly difficult to track intrusions because IDSs have no
capabilities to examine encrypted traffic and are, therefore,
unable to recognize problems and create alerts. Engineers rely
heavily on IDSs to fight hackers. If configured improperly, the IDS
will generate false positive alerts, which can be disastrous to the
organization. Too many alerts can cause security administrators to
become complacent and overlook important events. Several studies
have shown that detections of negative security events can take
over six months.

In this discussion, you are going to look at the role of IDSs in protecting digital
assets. Research a minimum of three industry publications (e.g.,
National Institute of Standards and Technology [NIST], Institute
of Electrical and Electronics Engineers [IEEE], Internet Engineering
Task Force [IETF], etc.) on this topic. Address the differences and
similarities between IDS and intrusion protection systems (IPS).
Explain some of the difficulties associated with configuring and
maintaining IDSs, given the changing pattern of traffic on
networks. Considering these issues, explain why organizations rely
heavily on IDSs, even though they do not prevent hackers from
penetrating an infrastructure. Support your statements with
evidence from your sources.

Your initial post should be a minimum of 250 words.