Monitoring data

The analysis engine of an IDS/IPS evaluates the information it collects against the rules configured inside the IPS/IDS. However, no system is foolproof: it does its best, but sometimes produces outcomes different from those expected. There are two types of error:

  • False positive: The NIDS/NIPS has decided, based on the information gathered, that an attack is taking place. However, when the network administrator investigates, they find that there is no attack.
  • False negative: The NIDS/NIPS has not been updated, and attacks have been taking place without being detected.
Exam tip: A false positive is a false alarm, whereas a false negative means nothing is detected while you are being attacked.
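The following added example (not from the guide) scores a toy signature-based NIDS against constructed, labelled traffic so the two error types become countable: a stale ruleset misses an attack it has no signature for (false negative), while an over-broad rule fires on benign text (false positive). The signatures, request strings and the `novel-attack-marker` token are all made up for the illustration.

```python
"""Confusion-matrix scoring of a toy signature-based NIDS (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    payload: str      # constructed HTTP request line
    malicious: bool   # ground truth, i.e. what the administrator finds on investigation


# Constructed traffic sample with labels; none of these are real captures.
EVENTS = [
    Event("GET /index.html", False),
    Event("GET /search?q=' OR 1=1--", True),             # textbook SQLi probe
    Event("GET /docs?q=how to select a plan", False),    # benign, but contains "select"
    Event("POST /login user=alice", False),
    Event("GET /api?x=novel-attack-marker", True),       # hypothetical attack, unknown to stale rules
]

# Each rule is a case-insensitive substring signature (hypothetical rulesets).
STALE_RULES = ["or 1=1", "select"]                 # not updated; "select" is over-broad
UPDATED_RULES = ["or 1=1", "novel-attack-marker"]  # refreshed signatures, broad rule removed


def alerts(rules, payload):
    """Return True if any signature in the ruleset matches the payload."""
    p = payload.lower()
    return any(sig in p for sig in rules)


def evaluate(rules, events):
    """Count true/false positives and negatives for a ruleset over labelled events."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for ev in events:
        fired = alerts(rules, ev.payload)
        if fired and ev.malicious:
            counts["tp"] += 1
        elif fired and not ev.malicious:
            counts["fp"] += 1   # false positive: alarm, but investigation finds no attack
        elif not fired and ev.malicious:
            counts["fn"] += 1   # false negative: attack took place, nothing was detected
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    print("stale   :", evaluate(STALE_RULES, EVENTS))
    print("updated :", evaluate(UPDATED_RULES, EVENTS))
```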
