Module 3 - SLP SECURITY TECHNOLOGY TOOLS II

IDPS Evaluation Name: Instructor: Date: IDPS Evaluation Evaluation is the measure of the extent of performance. For network security, the IDPS should meet some security targets. The targets for a network guard should be high to protect any computer. It is advisable to set targets and then proceed to evaluate if a computer system meets it. In assessing the systems, the advantages and drawbacks of each method are worth analyzing (Weaver, Weaver & Farwood, 2014). Without the tests, one may not be sure if their systems are efficient or vulnerable for attacks. Upon evaluation, one may decide if they can continue using the system or not. In doing so, one can evaluate different IDPS to find which is more effective. Here is an analysis of evaluation systems, the motivations to do the same, and the characteristics to test, current assessment efforts and challenges. The motivation to evaluate IDPS comes from the various techniques that intruders use. Intruders have different techniques they can use to access a system. Due to that, a lot of IDPS exists in the market. Some can work well in one operating system. Others can work well mixed operating systems (Karen & Mell, 2007). Some are best choices for a large number of computers. Some can function better for one computer. The network-based and hot-based security methods all present a daunting task for the safety administrators (George, 2013). One must have a group of security administrators to work with before the can evaluate which is best. The best will then be chosen for use. The IDPS characteristics should be able to spot intrusions, evasion techniques and manipulation of information systems. The functionality, performance and reliability of a system will be measurable by different experts who know how to test if they work well. Both the known and unknown attacks pose great dangers (Weaver, Weaver & Farwood, 2014). However, the first characteristic is if the system recognizes an attack. Attacks can come in several ways. The Host-based and network-based types will show blocks to any intrusions. Based on their abilities, they can act by blocking or communicating to the administrator to act. In any case, the damage has high potentials. It will require instant action to prevent the attack from causing the damage. The measurement criteria should be able to recognize any traffics that come and leave the system for the h0st-based type. For the network-based type, the process is direct. That will bring in the second factor to consider which recognizes an attack. Attackers change their daily plans and techniques (George, 2013). The vulnerabilities of the system to attacks should be under the surveillance of the system. Some attacks may not be relevant to a system but can be used to access important files and information within a network. All these needs to be analyzed and in detection, be thwarted. Finally, a system needs to detect the potential damage and results of an attack. Some attacks might interfere with the data. Some systems will only highlight that there was an attempt to attack. The potential damage may not feature (Alomari, 2013). Others still, can show after an attack is made and damage of vast quantity done. In such a case, the validity o...