Network Administration and Design

The document outlines a group of individuals along with their registration numbers and provides an in-depth discussion on routing and switching concepts, comparing static and dynamic routing. It details various routing protocols including RIP, OSPF, EIGRP, BGP, and IGRP, highlighting their features, advantages, and disadvantages. The information serves as a comprehensive guide for understanding network routing protocols and their applications in different network environments.

Uploaded by

joykavulunze

GROUP 2

NAMES REGISTRATION NUMBER

1. MARY KAMAU SCT121-C004-0517/2023

2. IAN KATULA SCT121-C004-0193/2023

3. JACOB MACHOT ADOM SCT121-C004-0833/2018

4. YASMIN WARSAME SCT121-C004-0441/2023

5. JOY KAVULUNZE SCT121-C004-0436/2023

6. STANLEY KIBIRIU MWANIKI SCT121-C004-0439/2023

7. DENIS CHEBII SCT121-C004-0163/2020


QUESTION 1
1. Routing and Switching Concepts: Static vs Dynamic routing, Routing Protocols (RIP, OSPF, EIGRP, BGP), VLANs, Inter-VLAN routing.
Static vs Dynamic routing
Static Routing:

Static routing is when a network administrator manually configures the routes on a router. These routes do not change unless the administrator
manually modifies them.

Features of Static Routing:

1. Manual Configuration: The network administrator must configure each route on the router, specifying the destination network, next-hop address, and interface.

2. Predictable: Since routes are manually configured, the behavior is predictable. If you know the configuration, you know the path.

3. No Overhead: Static routes do not require any additional network resources like bandwidth or CPU usage to maintain routing information.

4. Less Fault Tolerant: If a route goes down, the router will continue using the static route until the network administrator manually updates the routing table.

5. Simple Networks: Static routing is often used in smaller, simpler networks where the routing requirements do not change frequently.

Dynamic Routing:

Dynamic routing is when routers use routing protocols to automatically discover routes and update their routing tables. The routes
are automatically adjusted as the network topology changes.

Features of Dynamic Routing:

1. Automatic Updates: Routers can automatically exchange information about available routes with other routers using routing
protocols (e.g., RIP, OSPF, BGP).

2. Adaptable: Dynamic routing is more adaptable to changes in the network. If a route becomes unavailable or a new route
becomes available, the routing table is automatically updated.

3. Routing Protocols: Common routing protocols include RIP (Routing Information Protocol), OSPF (Open Shortest Path First),
and BGP (Border Gateway Protocol).

4. More Overhead: Dynamic routing protocols require CPU resources and bandwidth to maintain the routing tables and exchange
route information.

5. Scalable: Dynamic routing is more suitable for large, complex networks where routing needs can change often.
When to Use Static Routing:

• Small networks where the topology doesn’t change often.

• Simplicity and control are needed.

• When you want to avoid the overhead of dynamic routing.

When to Use Dynamic Routing:

• Large, complex networks where the topology can change frequently.

• Networks with multiple paths and where automatic adaptation is needed.

• When ease of maintenance and fault tolerance are priorities.


Routing Protocols (RIP, OSPF, EIGRP, BGP)
• Protocol: A set of rules or guidelines that devices follow to communicate with each other on the network.
• Routing protocol: The rules and processes that routers use to communicate with each other and determine the best paths for data packets to travel through a network.
• Routing protocols are also used to discover available routers within the network and find the least costly route to the target router.
• The information from route discovery is used to build routing tables for the connected routers. Each router then uses its routing table when making routing decisions.
• Routing tables store paths between routers. When sending data, each router uses the table to find the shortest, least costly path to the target router to ensure efficient data transfer.
• There are four primary types of routing protocol:

1. Distance Vector Protocols.

2. Path Vector Protocols.

3. Link-State Protocols.

4. Hybrid Protocols.

• Some of the routing protocols are:

1. Routing Information Protocol (RIP).

2. Interior Gateway Routing Protocol (IGRP).

3. Enhanced Interior Gateway Routing Protocol (EIGRP).

4. Exterior Gateway Protocol (EGP).

5. Border Gateway Protocol (BGP).

6. Open Shortest Path First (OSPF).


1. Routing Information Protocol (RIP)
• The Routing Information Protocol is a distance vector protocol and one of the oldest protocols used.
• RIP is used in Local Area Networks (LANs) and Wide Area Networks (WANs) and runs at the application layer of the OSI model.
• There are multiple versions of RIP, including RIPv1 and RIPv2.
• RIPv1 is the original version. It determines network paths based on the IP destination and the hop count of the journey, and it interacts with the network by broadcasting its IP routing table to all routers connected to the network.
• RIPv2 is more advanced than RIPv1. It sends its routing table to a multicast address. RIPv2 also uses authentication to keep data more secure and chooses a subnet mask and gateway for future traffic.
• A broadcast sends data to all the devices on a network within a specific subnet, regardless of whether they need it or not, while a multicast sends data only to a specific group of devices that have expressed interest in receiving it.

Advantages of Routing Information Protocol (RIP)
1. RIP is relatively straightforward to understand and implement.
2. It operates at the application layer, which makes it easy to manage and configure.
3. RIPv2 can multicast its routing table, which is a more efficient way to communicate with other routers than broadcasting.
4. RIPv2 offers authentication measures to enhance data security.

Disadvantages of Routing Information Protocol (RIP)
1. RIPv1's method of broadcasting its entire table can lead to increased traffic and potential inefficiencies.
2. RIP's maximum hop count of 15 restricts its use in larger networks.
3. Due to its hop count limitation, it is not suited for modern expansive networks.
4. RIP can be slower to adapt to network changes, leading to potential temporary routing loops.
2. Interior Gateway Routing Protocol (IGRP)
• Interior Gateway Routing Protocol (IGRP) is a distance vector protocol used to exchange routing information between routers within the same autonomous system, ensuring efficient and stable routing in large and complex networks.
• An Autonomous System (AS) is a set of inter-networks under the control of a single administration or organization.
• IGRP is a proprietary protocol owned by Cisco.
• It calculates routes based on multiple factors, including bandwidth, delay, reliability and load, which makes it more versatile than the Routing Information Protocol (RIP).
• In a network topology, IGRP is responsible for ensuring that every router has up-to-date routing tables with the best available routes.
• It updates itself with changes happening within the network to avoid routing loops.
• Unlike RIP, which has a maximum hop count of 15, IGRP has a maximum hop count of 255, which is well suited for larger networks and complex technologies. It is basically scalable.
• IGRP has been largely replaced by the Enhanced Interior Gateway Routing Protocol (EIGRP).

Advantages of Interior Gateway Routing Protocol (IGRP)
1. IGRP is well suited for large networks, due to its large hop count of 255 compared to RIP's hop count of 15.
2. It uses a composite metric based on factors like bandwidth, delay, reliability and load, offering more accurate route selection than simpler protocols which depend solely on the hop count.
3. The use of metrics such as reliability and load ensures that the protocol can adapt to changes in network conditions, providing more bandwidth.

Disadvantages of Interior Gateway Routing Protocol (IGRP)
1. Vendor dependency: IGRP is a Cisco-proprietary protocol, so it only works on Cisco devices, restricting its use in mixed-vendor environments where interoperability is needed.
2. High bandwidth usage: IGRP sends periodic routing updates, which can consume significant network bandwidth, especially in large networks.
3. Complex configuration: Its metric system, which is based on multiple factors such as bandwidth and delay, can be complex to configure and troubleshoot, requiring more expertise from network administrators.
3. Enhanced Interior Gateway Routing Protocol (EIGRP)

• Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco-proprietary advanced distance vector routing protocol which is responsible for managing and directing data traffic within an autonomous system.

• EIGRP is a hybrid routing protocol. It combines the features of distance vector and link-state protocols, making it more efficient and scalable for large and complex networks.

• EIGRP uses the Diffusing Update Algorithm (DUAL) to calculate the best path and backup paths to destinations. This ensures loop-free and highly reliable routing.

• EIGRP calculates the most efficient routes to send data by considering factors such as bandwidth, delay, reliability and load, and selects the best paths to the destination.

• It also maintains a table of available routes in the network and actively updates it whenever there are changes to the network topology.

• EIGRP enables load balancing, distributing network traffic across multiple available paths, which optimizes resource usage and prevents congestion.

• EIGRP maintains a topology table, which stores backup routes in case the primary route fails. This ensures that the network can quickly adapt and re-route data without any disruptions.

• It supports large-scale networks by reducing bandwidth usage with incremental updates, sending only updates instead of full routing tables.

• EIGRP has protocol independence: beyond just IPv4, it can manage routing for IPv6 and other network protocols, making it more versatile and adaptable.

Advantages of Enhanced Interior Gateway Routing Protocol (EIGRP)

1. EIGRP is scalable and works effectively in both small and large networks, handling complex topologies and extensive routing tables with ease.

2. It can work with multiple network layer protocols, including IPv4 and IPv6, giving it versatility across different network environments.

3. With its metrics like bandwidth, delay, reliability and load, EIGRP selects the most optimal paths for data transmission, ensuring consistent and dependable routing.

4. EIGRP has reduced bandwidth usage. This is achieved by sending incremental updates rather than full updates of the routing table, conserving bandwidth in the network.

Disadvantages of Enhanced Interior Gateway Routing Protocol (EIGRP)

1. EIGRP is Cisco-proprietary software, so it operates on Cisco devices or in environments using specific Cisco-licensed software, limiting interoperability in mixed-vendor networks.

2. Unlike some protocols such as Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP), EIGRP is not universally standardized. This reduces its adoption outside environments fully committed to Cisco technology.

3. For network administrators unfamiliar with Cisco's proprietary protocols, understanding and trying to use EIGRP's unique features can require additional learning and training.

4. EIGRP's reliance on advanced metrics and additional calculations (DUAL) can demand more CPU and memory resources on routers, making it less suitable for resource-constrained devices.
4. Exterior Gateway Protocol (EGP)
• Exterior Gateway Protocol (EGP) is a protocol that is used to exchange data between gateway hosts of neighboring autonomous systems.
• EGP facilitates the sharing of routing information between neighboring autonomous systems, ensuring that data packets can find their way across networks.
• The routing table of EGP includes known routers, route costs and network addresses of the neighboring devices, which makes it easy to determine which networks are reachable through a particular autonomous system.
• EGP supports a hierarchical structure, which simplifies the management of large-scale networks.
• Unlike modern protocols like Border Gateway Protocol (BGP), EGP has limitations in scalability and flexibility, which is why it has been largely replaced by BGP.
• EGP is almost obsolete because it does not support multipath networking environments.

Advantages of Exterior Gateway Protocol (EGP)

1. It allows gateway hosts to share information across distinct network domains, effectively acting as a bridge.

2. It has a routing database which contains comprehensive information, including known routers, route costs and the addresses of the neighboring devices.

3. It facilitates path information sharing, as it sends route data to neighboring routers, helping them update their tables and make better routing decisions.

Disadvantages of Exterior Gateway Protocol (EGP)

1. EGP is not suitable for modern multipath environments, which limits its adaptability.

2. EGP's method of sharing all the route data with neighboring routers can lead to redundant data transmission and larger routing tables.

3. As EGP keeps a database of nearby networks, its path determinations are more static, making it less flexible than newer protocols.

4. As networks grew, EGP struggled with handling larger, more complex networks.

5. EGP is obsolete and has been replaced by other protocols such as BGP.
5. Border Gateway Protocol (BGP)
• Border Gateway Protocol (BGP) is a path vector protocol which is responsible for directing traffic between different autonomous systems on the internet.
• Unlike traditional distance vector protocols such as RIP, which calculate distances, BGP is a path vector protocol: it functions by tracking the sequence of autonomous systems a route passes through, giving network administrators control over routing decisions.
• BGP is flexible, allowing network administrators to define custom policies for route selection based on business and technical priorities, such as preferring certain paths or avoiding others.
• BGP helps maintain stable connections by detecting failed paths and rerouting traffic through alternative routes.
• BGP is designed to handle the massive scale of the internet, managing extensive routing tables and ensuring robust connectivity.
• There are two types of BGP:

i. Internal BGP (iBGP): used for routing within a single autonomous system.

ii. External BGP (eBGP): used for routing between different autonomous systems.

Advantages of Border Gateway Protocol (BGP)

1. BGP is scalable. It is designed to handle the vast size of the internet. It efficiently manages extensive routing tables with thousands of routes, making it suitable for global networks.

2. With its support for policy-based routing, BGP allows network administrators to customize route selection and prioritize paths based on organizational needs, business priorities or technical criteria, which gives it flexibility.

3. BGP ensures network resilience by maintaining multiple routes to a destination. In case of a path failure, BGP can easily re-route traffic using an alternative route.

Disadvantages of Border Gateway Protocol (BGP)

1. BGP requires considerable CPU, memory and bandwidth resources to handle the large-scale routing tables used in global networks, which can strain less capable routers.

2. BGP has complex configurations, requiring an expert to configure and manage. Misconfigurations can lead to serious issues, such as route leaks, impacting large portions of the internet.

3. By default BGP does not include robust security features. Hence threats like route hijacking and BGP spoofing are significant concerns.
6. Open Shortest Path First (OSPF)
• Open Shortest Path First (OSPF) is a link-state interior gateway protocol (IGP) designed for dynamic routing within a single autonomous system.
• It is based on the link-state routing methodology and uses Dijkstra's algorithm to compute the shortest path to each destination.
• It maintains a complete map of the network topology by exchanging link-state advertisements (LSAs) between routers.
• Changes in the network are quickly detected, and routing tables are updated efficiently, ensuring minimal disruption.
• OSPF supports Variable Length Subnet Masking (VLSM) and Classless Inter-Domain Routing (CIDR), which allow more efficient IP address management.
• OSPF can be divided into areas, which reduce routing table sizes and improve scalability in large networks.
• OSPF uses a customizable cost to determine the best path, offering more precision in route selection.
• OSPF uses multicast for routing updates, which conserves bandwidth and limits unnecessary data transmission to non-relevant routers.
• OSPF supports secure communications through authentication methods, reducing the risk of unauthorized routing updates.

OSPF works in the following way:

1. Routers form adjacencies with their directly connected neighbors by exchanging "Hello" packets, and then share LSAs to build a complete map of the network's topology.

2. Using the link-state information, each router constructs a topology database and runs the Shortest Path First (SPF) algorithm to determine the best routes.

3. Once the SPF computation is complete, the resulting routes are added to the router's routing table.
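
The three steps above can be traced in code. The following is an added example, not part of the original slides: it runs Dijkstra's algorithm over a small link-state database and then recomputes after a link is withdrawn. The router names, link costs and the helper names spf and withdraw_link are assumptions made for illustration; the back-link check mirrors OSPF's rule that a link is only used when both ends advertise it.

```python
import heapq

# Constructed link-state database (LSDB): one LSA per router, listing each
# neighbor and the cost of the link towards it. Names and costs are made up.
LSDB = {
    "R1": {"R2": 10, "R3": 1},
    "R2": {"R1": 10, "R3": 2, "R4": 1},
    "R3": {"R1": 1, "R2": 2, "R4": 20},
    "R4": {"R2": 1, "R3": 20},
}


def spf(lsdb, root):
    """Run Dijkstra from `root`; return {destination: (cost, next_hop)}."""
    dist = {root: 0}
    next_hop = {}
    done = set()
    # Heap entries: (cost so far, router, first hop used to leave the root).
    heap = [(0, root, None)]
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in done:
            continue  # stale entry: a cheaper path was already finalised
        done.add(node)
        if first is not None:
            next_hop[node] = first
        for nbr, link_cost in lsdb.get(node, {}).items():
            # Back-link check: ignore a link unless the neighbor's own LSA
            # also lists this router. One router's claim is not enough.
            if node not in lsdb.get(nbr, {}):
                continue
            new_cost = cost + link_cost
            if nbr not in dist or new_cost < dist[nbr]:
                dist[nbr] = new_cost
                hop = nbr if node == root else first
                heapq.heappush(heap, (new_cost, nbr, hop))
    return {dest: (dist[dest], next_hop[dest]) for dest in next_hop}


def withdraw_link(lsdb, a, b):
    """Return a new LSDB after both ends re-flood LSAs without the a-b link."""
    updated = {router: dict(links) for router, links in lsdb.items()}
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated


if __name__ == "__main__":
    print("R1 routing table:", spf(LSDB, "R1"))
    print("after R2-R3 fails:", spf(withdraw_link(LSDB, "R2", "R3"), "R1"))
```

Every router runs the same computation on the same database, which is why the resulting paths are loop-free once the databases are synchronized.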
Advantages of Open Shortest Path First Protocol (OSPF)
1. OSPF quickly detects changes in the network (e.g., a failed link) and updates its routing tables efficiently. This minimizes downtime and ensures reliable communication.
2. By using the Shortest Path First (SPF) algorithm, OSPF calculates routes that are inherently loop-free, ensuring optimal and accurate path selection.
3. OSPF supports Variable Length Subnet Masking (VLSM) and Classless Inter-Domain Routing (CIDR), allowing for more efficient IP address usage and improved flexibility in network design.
4. Routing updates in OSPF are only sent when changes occur, not periodically. Additionally, multicast addresses are used for updates, limiting unnecessary transmission to non-relevant routers.

Disadvantages of Open Shortest Path First Protocol (OSPF)
1. OSPF can be challenging to set up and manage, especially in large networks with multiple areas. It requires significant expertise to configure properly, and mistakes can lead to connectivity issues.
2. OSPF reacts quickly to topology changes, but this can also lead to frequent recalculations of routes in unstable networks, potentially causing temporary disruptions.
3. Some advanced OSPF features may not be supported uniformly across devices from different vendors, leading to interoperability challenges.
4. OSPF routers need to synchronize their topology databases for consistency. This dependence can slow down initial setup and recovery in large networks.
Distance Vector Protocols
• Distance vector protocols are a type of dynamic routing protocol used in computer networks to determine the best path for data packets.
• In distance vector routing protocols, each router in the network exchanges its routing table information with its neighbor routers at frequent intervals. The purpose of this is to update its own table with the latest information about the network paths.
• The protocol uses the Bellman-Ford algorithm to calculate the shortest path to each destination and updates the routing table iteratively based on the distance vectors received from neighbors.
• Routers rely on information from their neighbors rather than having a complete view of the network, which might lead to inconsistencies.
• Examples of distance vector routing protocols are the Routing Information Protocol (RIP) and the Interior Gateway Routing Protocol (IGRP).
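
The neighbor-only view described above, and the slow adaptation and temporary loops listed earlier as a RIP disadvantage, can be reproduced with a short simulation. This is an added example, not part of the original slides: it runs synchronous Bellman-Ford rounds on a constructed four-router line (A-B-C-D) using RIP's 15-hop limit, then removes the C-D link. It goes slightly beyond the slides by also showing split horizon, a standard RIP loop mitigation the slides do not mention; all function and router names are assumptions.

```python
INFINITY = 16  # RIP treats a metric of 16 as unreachable (15-hop limit)


def neighbors(links, router):
    """Routers directly connected to `router` over links that are up."""
    return sorted(b if a == router else a for a, b in links if router in (a, b))


def step(routers, links, tables, split_horizon=False):
    """One synchronous round: every router rebuilds its table from the
    vectors its neighbors held at the end of the previous round."""
    new_tables = {}
    for r in routers:
        table = {r: (0, r)}  # destination -> (hop count, next hop)
        for n in neighbors(links, r):
            for dest, (metric, via) in tables[n].items():
                if dest == r:
                    continue
                if split_horizon and via == r:
                    continue  # n learned this route from r: do not echo it back
                cost = metric + 1
                if cost >= INFINITY:
                    continue  # unreachable, not installed
                if dest not in table or cost < table[dest][0]:
                    table[dest] = (cost, n)
        new_tables[r] = table
    return new_tables


def converge(routers, links, tables, split_horizon=False, max_rounds=64):
    """Repeat rounds until nothing changes; return (tables, rounds that changed)."""
    rounds = 0
    while rounds < max_rounds:
        nxt = step(routers, links, tables, split_horizon)
        if nxt == tables:
            break
        tables, rounds = nxt, rounds + 1
    return tables, rounds


def demo():
    routers = ["A", "B", "C", "D"]            # constructed line topology
    links = {("A", "B"), ("B", "C"), ("C", "D")}
    start = {r: {r: (0, r)} for r in routers}
    stable, up_rounds = converge(routers, links, start)

    broken = links - {("C", "D")}             # the C-D link fails
    after_one = step(routers, broken, stable)  # B and C now point at each other
    _, slow = converge(routers, broken, stable)
    _, fast = converge(routers, broken, stable, split_horizon=True)
    return stable, up_rounds, after_one, slow, fast


if __name__ == "__main__":
    stable, up_rounds, after_one, slow, fast = demo()
    print("A's route to D:", stable["A"]["D"], "after", up_rounds, "rounds")
    print("one round after failure: B ->", after_one["B"]["D"], " C ->", after_one["C"]["D"])
    print("rounds until D is unreachable everywhere:", slow, "(split horizon:", fast, ")")
```

Without split horizon the metric for D climbs by one or two per round until it reaches 16, and during that time B and C forward traffic for D to each other.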
VLANs
• A VLAN is a logical grouping of network devices that allows multiple networks to share the same physical infrastructure without interfering with each other.

• VLANs are created and managed by network devices, such as switches, rather than being defined by the physical location of devices.

• VLANs can improve network security by preventing unauthorized access between different network segments.

Advantages of VLANs
1. Improved Network Performance - VLANs reduce broadcast traffic by segmenting the network, preventing unnecessary data transmission.

2. Enhanced Security - VLANs isolate different departments or user groups, reducing unauthorized access.

3. Cost Reduction - VLANs reduce the need for additional network hardware like routers and switches by enabling logical segmentation on existing infrastructure.

4. Better Network Management and Scalability - VLANs allow easier network reconfiguration without changing physical connections.
Inter-VLAN routing
• Inter-VLAN routing is a crucial networking concept that facilitates communication between different VLANs by using routers or layer 3 switches to forward traffic between them.

• VLANs are used to segment networks, and by default devices in different VLANs cannot communicate directly, so inter-VLAN routing is established to facilitate communication between them.

Methods of Inter-VLAN Routing

1. Legacy (Router-on-a-Stick) Method – uses a single physical router interface connected to a switch. The router interface is configured with multiple sub-interfaces, each assigned to a VLAN.

2. Inter-VLAN Routing Using a Layer 3 Switch – A layer 3 switch is used instead of a router. Switched Virtual Interfaces (SVIs) are created for each VLAN. The switch handles routing internally, improving performance.

3. Inter-VLAN Routing Using a Dedicated Router with Multiple Interfaces – A router with multiple physical interfaces is used. Each VLAN is assigned to a separate router interface.
QUESTION 2
2. Network Security Fundamentals: Network threats, vulnerabilities, Security best practices, Firewalls, IDS, IPS
Network Threats
Network threats refer to potential risks or attacks that can compromise the security, integrity, or availability of a
computer network or the data it handles.

Types of network threats


1. Malware
Malicious software that replicates itself and spreads to other systems, often causing damage or stealing information.

2. Denial of service
Overwhelming a network or system with excessive traffic, rendering it unavailable to legitimate users.
3. Man-in-the-Middle (MitM) Attacks
In this attack, an attacker intercepts and potentially alters communication between two parties without them knowing. This can
happen in unsecured networks, like public Wi-Fi, allowing attackers to eavesdrop, steal information, or inject malicious data.

4. Phishing
Phishing involves deceiving individuals into divulging sensitive information (such as passwords, account numbers, or credit card
details) by pretending to be a trustworthy entity. Typically done through email, phishing can also occur through other
communication channels.

5. Packet Sniffing
This threat involves capturing and analyzing network traffic to steal sensitive information like usernames, passwords, or other
private data. This can happen if the network is not adequately encrypted.

6. SQL Injection
SQL injection occurs when an attacker inserts malicious SQL code into an input field, allowing them to manipulate a database to
steal or alter data. This can exploit vulnerabilities in websites or applications.
7. Insider Threats
Employees, contractors, or other trusted individuals with access to the network may intentionally or unintentionally cause harm, such as leaking
sensitive data, stealing intellectual property, or making mistakes that lead to security breaches.

8. Social Engineering
In a social engineering attack, the attacker manipulates people into divulging confidential information, often by
exploiting trust, emotions, or authority. Common examples include pretexting, baiting, or impersonation.

Defending Against Network Threats


• Firewalls to block unauthorized access.

• Encryption to protect sensitive data in transit and at rest.

• Regular software updates and patching to address vulnerabilities.

• Intrusion Detection and Prevention Systems (IDPS) to monitor and prevent malicious activity.

• Security Awareness Training to educate users about phishing, social engineering, and other threats.

• Multi-factor Authentication (MFA) to add an additional layer of security.

• Anti-malware/antivirus tools to detect and remove malicious software.


Firewalls
• A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on
predetermined security rules.

• The primary goal of a firewall is to establish a barrier that prevents unauthorized access to the secured data.

TYPES OF FIREWALLS
• Packet-filtering firewalls: These check packets (units of data) at the network layer and allow or block them based on predefined
rules, like IP addresses, ports, and protocols.

• Stateful inspection firewalls: These track the state of active connections and make decisions based on the state of the
connection (whether a packet is part of an established connection or not).

• Proxy firewalls: These act as intermediaries between a user and the service they are trying to access, effectively hiding the
internal network from external sources.

• Next-Generation Firewalls (NGFW): These go beyond traditional firewall features by incorporating features like intrusion
prevention, application awareness, and advanced threat protection.
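
The difference between the first two firewall types can be seen by running the same packets through both. This is an added example, not part of the original slides: a stateless packet filter that judges each packet on its own fields, next to a stateful firewall that keeps a connection table. The internal network 10.0.0.0/24, the single permitted outbound port, the simplified TCP flag strings and the sample packets are all constructed assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK (simplified TCP flags)
Packet = namedtuple("Packet", "src sport dst dport flags")

INSIDE = ip_network("10.0.0.0/24")  # assumed internal network
ALLOWED_OUT_PORT = 443              # assumed policy: inside hosts may reach HTTPS


def inside(addr):
    return ip_address(addr) in INSIDE


def packet_filter(pkt):
    """Packet-filtering firewall: every packet is judged in isolation."""
    if inside(pkt.src) and not inside(pkt.dst):
        return "allow" if pkt.dport == ALLOWED_OUT_PORT else "block"
    if inside(pkt.dst) and not inside(pkt.src):
        # Without state, "is this a reply?" can only be guessed from fields
        # the sender controls: source port and the ACK flag.
        looks_like_reply = pkt.sport == ALLOWED_OUT_PORT and "A" in pkt.flags
        return "allow" if looks_like_reply else "block"
    return "block"


class StatefulFirewall:
    """Stateful inspection: inbound packets must match a tracked connection."""

    def __init__(self):
        self.connections = set()  # (inside ip, inside port, outside ip, outside port)

    def check(self, pkt):
        if inside(pkt.src) and not inside(pkt.dst):
            if pkt.dport != ALLOWED_OUT_PORT:
                return "block"
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.connections.add(key)  # new outbound connection
                return "allow"
            return "allow" if key in self.connections else "block"
        if inside(pkt.dst) and not inside(pkt.src):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if key in self.connections else "block"
        return "block"


# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),    # inside host opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.9", 22, "A"),       # unsolicited, dressed as a reply
    Packet("198.51.100.7", 40000, "10.0.0.9", 22, "S"),     # plain inbound connection attempt
]


def compare(traffic):
    """Return [(packet-filter verdict, stateful verdict)] for each packet."""
    firewall = StatefulFirewall()
    return [(packet_filter(p), firewall.check(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "->", verdicts)
```

The third packet is the one to look at: the packet filter lets it through because its fields resemble a reply, while the stateful firewall blocks it because no inside host ever opened that connection.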
Network Vulnerabilities
Network vulnerabilities are weaknesses or flaws within a network that can be exploited by cyber attackers to gain
unauthorized access, disrupt operations, or compromise data integrity. Understanding these vulnerabilities is a key
aspect of network security fundamentals, as it enables organizations to identify, mitigate, and prevent potential
threats.

Types of Network Vulnerabilities


• Software Vulnerabilities: These arise from outdated, misconfigured, or poorly coded software. Common examples include
unpatched systems and zero-day exploits, where attackers target vulnerabilities before they are publicly known or fixed.

• Hardware Vulnerabilities: Physical devices such as routers, servers, and switches can be prone to attacks due to outdated
firmware or insufficient security measures.

• Weak Authentication: Inadequate password policies or lack of multi-factor authentication can allow unauthorized access to
network resources.
• Misconfigurations: Errors in the setup of network devices, firewalls, or access controls can inadvertently provide attackers a
pathway into the network.

• Insider Threats: Employees or other trusted individuals can pose a risk, either through negligence (e.g., clicking on phishing
emails) or intentional malicious actions.

Common Exploitation Methods


• Attackers typically exploit network vulnerabilities through methods like phishing, malware distribution, denial-of-service
attacks, and man-in-the-middle attacks. For instance, malware can be used to compromise systems, while denial-of-service
attacks aim to overwhelm a network's resources and disrupt service availability.
Mitigating Network Vulnerabilities
• Conduct regular audits and vulnerability assessments to identify weak points.
• Implement strong access controls, such as encryption and multi-factor authentication.
• Patch and update software and hardware systems promptly to avoid exploitation.
• Train employees on cybersecurity best practices to reduce insider threats.
• Employ intrusion detection systems (IDS) and firewalls to monitor and secure network traffic.
Security Best Practices
1. Enforce Robust Authentication
• Use strong passwords and add Multi-factor Authentication (MFA).

• Weak passwords are like leaving your door unlocked: hackers guess them easily. MFA is a second lock.

• Passwords alone are brittle; a password should be complex, for example “P@sswOrd2025”.

• It should consist of 12+ characters, mixed case and symbols.

2. Patch aggressively
• Keep your apps, devices and systems updated.

• Hackers love old software with known holes; updates fix those holes.

• Automate these updates.

3. Encrypt everything
• This means hiding your data.

• Encryption enables only you (or authorised people) to read data.

• Use a VPN to encrypt everything while using public Wi-Fi.

4. Split Your Network
• Break your network into zones so problems don’t spread.

• Use VLANs, for example, to microsegment.

• One hacked device shouldn’t ruin everything.

5. Back up with resilience
• This means implementing strategies that ensure data can be recovered quickly and efficiently in case of failure or disaster.

• Ransomware can lock your work, so backups are your safety net.

6. Monitor Relentlessly
• Keep an eye on your network for anything weird.

• Spotting trouble early stops big problems.

• Tools like Wireshark show what’s up on your network.


IDS & IPS
Introduction to IDS

• An IDS is like a security guard for your network. It monitors all incoming and outgoing traffic, looking for suspicious
activity. If it detects something unusual, it alerts administrators but does not take action to stop the attack.

Types of IDS
1. NIDS (Network-Based IDS) – Monitors entire network traffic. It works like CCTV cameras watching a street.

2. HIDS (Host-Based IDS) – Monitors activity on a specific device. It works like an alarm system inside a house.
Pros & Cons of IDS
Pros:
• Detects potential threats without affecting network performance
• Can identify known attack patterns
Cons:
• Cannot prevent attacks, only alerts administrators
• May generate false alarms

Introduction to IPS
• An IPS is like a firewall with intelligence. It monitors and actively blocks malicious network traffic before it reaches the system. Unlike IDS, which only alerts, IPS takes action to stop threats.

Types of IPS
1. NIPS (Network-Based IPS) – Monitors and blocks threats across the entire network. Think of it like a security checkpoint stopping threats at the gate.
2. HIPS (Host-Based IPS) – Protects a single device by blocking suspicious activity. Works like an antivirus that stops attacks before they harm the system.

Pros & Cons of IPS
Pros:
• Automatically blocks threats without waiting for administrator action
• Can prevent attacks in real-time
Cons:
• Can mistakenly block legitimate traffic (false positives)
• May slow down network performance due to deep traffic inspection

Differences Between IDS and IPS
Feature     IDS                           IPS
Function    Detects threats and alerts    Prevents threats by blocking
Placement   Passive monitoring            Inline with network traffic
Reaction    Logs and alerts admins        Actively blocks threats
Impact      No direct effect on traffic   Can disrupt traffic if misconfigured
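
The rows of this comparison can be observed by running one detection engine in both placements. This is an added example, not part of the original slides: the same signature check is applied to constructed web requests, once in passive IDS mode and once in inline IPS mode. The single keyword signature, the request lines and the function names are assumptions chosen to show how a false positive only costs an alert under IDS but costs a blocked legitimate request under IPS.

```python
import re
from urllib.parse import unquote_plus

# One constructed signature: a keyword pair often seen in SQL injection attempts.
SIGNATURES = {
    "sql-injection-keyword": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed request lines. The last one is a legitimate search that happens
# to contain the same words, so the signature produces a false positive.
REQUESTS = [
    "GET /products?id=7",
    "GET /products?id=7+union+select+1",
    "GET /search?q=trade+union+select+committee",
]


def inspect(request):
    """Return the names of all signatures matching the URL-decoded request."""
    decoded = unquote_plus(request)
    return [name for name, pattern in SIGNATURES.items() if pattern.search(decoded)]


def process(requests, mode):
    """Run the engine as 'ids' (passive) or 'ips' (inline).

    Returns (delivered, alerts, blocked):
      delivered - requests that reach the protected server
      alerts    - (request, matched signatures) logged for administrators
      blocked   - requests dropped before reaching the server
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    delivered, alerts, blocked = [], [], []
    for request in requests:
        hits = inspect(request)
        if hits:
            alerts.append((request, hits))
        if hits and mode == "ips":
            blocked.append(request)    # inline: the sensor can drop traffic
        else:
            delivered.append(request)  # passive: traffic is never touched
    return delivered, alerts, blocked


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        delivered, alerts, blocked = process(REQUESTS, mode)
        print(mode.upper(), "delivered:", len(delivered),
              "alerts:", len(alerts), "blocked:", len(blocked))
        for request in blocked:
            print("   blocked:", request)
```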
THE END
