Intrusion detection system (IDS) software.
Automated security incident measurement (ASIM).
Deploy one IDS for the entire network.
Deploy IDS on 50 percent of the network segments.
Consider using only a network-based IDS or host-based IDS.
Use a centralized management console for system management.
Can analyze any encrypted data if it is decrypted before reaching the target host.
Consumes resources on the host it resides on and slows that device down.
Monitors log files for inadvisable settings or passwords.
Monitors traffic on the host on which it is installed.
Can decrypt data.
Uses very few network resources.
Monitors logs for policy violations.
Can analyze encrypted network traffic.
Passive and active.
Neither passive nor active.
File transfer protocol (FTP).
Domain name service (DNS).
Hypertext transfer protocol (HTTP).
Open system interconnection (OSI).
Fragment packet scan.
File transfer protocol (FTP) bounce scan.
Synchronous (SYN) scan.
User datagram protocol (UDP) scan.
Transmission control protocol (TCP) scan.
Keep ports open.
Keep ports closed.
Ensure all ports are used.
Maintain the AF PPS database.
Develop AF PPS policies and procedures.
Develop countermeasures on threats associated with PPS traversing the AF enclave boundaries.
Provide information on threats and vulnerabilities associated with PPS traversing the AF enclave boundaries.