Analyzing and interpreting output from security technologies

There are several applications that security administrators can use to analyze attacks and stop them. Let's look at these here:

  • HIDS/HIPS: Both HIDS and HIPS run inside the host computer; the HIDS detects attacks, and the HIPS protects the computer against them. Both let you set up filters to choose which alert types to report. Look at the following diagram, where we are setting a filter for insecure SSH connection attempts:
Figure 16: HIDS output
  • Antivirus/advanced malware tools: There are quite a few antivirus/anti-malware tools that will scan the computer on a regular ...
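The HIDS filter above raises an alert when SSH connection attempts match a rule. As an added illustration (not code from the book or from any HIDS product), the following script applies one such rule to constructed OpenSSH auth-log lines: it parses each `sshd` entry, keeps a sliding window of failed logins per source address, and emits an alert once a source exceeds a threshold inside that window. The log lines, the addresses (RFC 5737 documentation ranges), the `ssh-bruteforce` rule name, and the threshold of three failures in sixty seconds are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not taken from a real host).
SAMPLE_LOG = """\
Jan 12 10:15:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 10:15:03 host1 sshd[1202]: Failed password for invalid user root from 203.0.113.5 port 51236 ssh2
Jan 12 10:15:05 host1 sshd[1203]: Failed password for alice from 203.0.113.5 port 51240 ssh2
Jan 12 10:15:09 host1 sshd[1204]: Accepted publickey for alice from 198.51.100.7 port 50000 ssh2
Jan 12 10:16:30 host1 sshd[1205]: Failed password for bob from 198.51.100.7 port 50002 ssh2
"""

# Classic syslog prefix followed by the sshd message body.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$"
)
# Failed password attempts; "invalid user" means the account does not exist on the host.
FAILED_RE = re.compile(
    r"^Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Return (timestamp, message) for an sshd syslog line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime fills in 1900, which is fine
    # because the rule only needs differences between timestamps in one log.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return ts, m.group("msg")


def analyze(log_text, threshold=3, window=timedelta(seconds=60)):
    """Apply the ssh-bruteforce rule: alert once per source IP that produces
    `threshold` or more failed SSH logins inside a sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # not an sshd line; the filter ignores it
        ts, msg = parsed
        m = FAILED_RE.match(msg)
        if not m:
            continue  # successful logins and other messages do not feed this rule
        ip = m.group("ip")
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "rule": "ssh-bruteforce",
                "ip": ip,
                "count": len(q),
                "last_seen": ts.strftime("%H:%M:%S"),
            })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Running the script on the sample log produces a single alert for 203.0.113.5 (three failures within four seconds); the lone failure from 198.51.100.7 stays below the threshold, which is the distinction a tuned HIDS filter is meant to make between a brute-force attempt and an ordinary typo.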
