Module 12: Evading IDS, Firewalls, and Honeypots
├── Intrusion Detection Systems (IDS)
│   ├── Function
│   │   └── Monitors, detects, and alerts on malicious activities
│   ├── Types
│   │   ├── Passive IDS
│   │   └── Active IDS (IPS)
│   ├── Detection Methods
│   │   ├── Signature Recognition
│   │   ├── Anomaly Detection
│   │   └── Protocol Anomaly Detection
│   └── Indicators of Intrusion
│       ├── New files
│       ├── Privilege escalation
│       ├── Modified file sizes
│       └── Unauthorized connections
├── Intrusion Prevention Systems (IPS)
│   ├── Function
│   │   └── Monitors and prevents attacks in real-time
│   ├── Actions
│   │   ├── Generate alerts
│   │   ├── Log activities
│   │   ├── Block malicious traffic
│   │   └── Prevent threats
│   └── Types
│       ├── Host-based IPS (HIPS)
│       └── Network-based IPS (NIPS)
├── Firewalls
│   ├── Function
│   │   └── Controls incoming and outgoing network traffic
│   ├── Types
│   │   ├── Hardware Firewalls
│   │   └── Software Firewalls
│   ├── Firewall Architectures
│   │   ├── Bastion Host
│   │   ├── Screened Subnet (DMZ)
│   │   └── Multi-homed Firewall
│   └── Technologies
│       ├── Packet Filtering
│       ├── Circuit-Level Gateways
│       ├── Application-Level Firewalls
│       ├── Stateful Multilayer Inspection
│       ├── Application Proxies
│       ├── VPN
│       └── NAT
├── Honeypots
│   ├── Function
│   │   └── Lures attackers to study their behavior
│   └── Types
│       ├── Low-interaction Honeypots
│       └── High-interaction Honeypots
├── Evasion Techniques
│   ├── IDS Evasion
│   │   ├── Fragmentation
│   │   ├── Encrypted packets
│   │   └── Using false positives
│   ├── Firewall Evasion
│   │   ├── Port scanning
│   │   ├── Tunneling
│   │   └── Spoofing techniques
│   └── Honeypot Detection
│       └── Identifying unusual system behavior or network responses