You need to protect your network from Denial of Service attacks in real time and maintain a log of hosts that attempt such attacks. What should you implement in your network?

Difficulty: Easy

Correct Answer: Implement an Intrusion Detection and Prevention System (IDS/IPS)

Explanation:


Introduction / Context:
Denial of Service attacks attempt to overwhelm network resources or specific hosts with excessive traffic, causing service disruption. Modern enterprises require mechanisms that can detect such attacks in real time, block or mitigate them, and maintain detailed logs for forensic analysis and security reporting. Traditional devices like routers and simple access control lists offer only limited protection. A specialised Intrusion Detection and Intrusion Prevention System is designed specifically for these tasks and integrates with routers, switches, and firewalls to provide both detection and active response.


Given Data / Assumptions:

  • There is a requirement for real time detection of Denial of Service attempts.
  • There is also a requirement for logging the details of attacking hosts.
  • The solution should be network wide and not limited to a single host.
  • We assume a typical enterprise environment with routers, switches, and possibly firewalls already present.


Concept / Approach:
An Intrusion Detection System analyses traffic patterns and compares them against known attack signatures or behavioural models. An Intrusion Prevention System extends this concept with active intervention, such as dropping malicious packets, resetting connections, or dynamically adjusting firewall rules. Many modern devices combine both capabilities and are referred to as IDS/IPS. These systems are designed to detect Denial of Service attacks, port scans, and other threats, and can generate detailed logs recording the source IP addresses, timestamps, and types of attacks. This matches exactly the requirements stated in the question.
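As an added illustration of the behavioural detection and logging described above (example code written for this page, not taken from any IDS/IPS product), the following Python detector applies a sliding-window SYN-rate threshold to constructed flow records, emits one log record per offending source carrying its IP, timestamp and attack type, and emulates the IPS response by adding the source to a block list. The threshold of 100 SYNs per second, the window size, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample flow records (not real traffic):
# (epoch seconds, src_ip, dst_ip, dst_port, tcp_flags)
SAMPLE_FLOWS = [
    (1700000000.0, "10.0.0.5", "192.0.2.10", 443, "S"),   # normal handshake
    (1700000000.2, "10.0.0.5", "192.0.2.10", 443, "A"),
    (1700000003.0, "10.0.0.9", "192.0.2.10", 22, "S"),    # single SSH attempt
] + [  # 120 SYN-only segments from one source within 0.6 s
    (1700000001.0 + i * 0.005, "198.51.100.7", "192.0.2.10", 80, "S")
    for i in range(120)
]

def detect_syn_flood(flows, threshold=100, window=1.0):
    """Behavioural check: more than `threshold` SYN-only segments from one
    source inside `window` seconds is treated as a SYN flood.
    Returns (alerts, blocked): alerts are the log records, blocked the
    set of sources the emulated IPS action has cut off."""
    recent = defaultdict(deque)        # src_ip -> timestamps of recent SYNs
    alerts, blocked = [], set()
    for ts, src, dst, dport, flags in sorted(flows):
        if flags != "S":
            continue                   # only half-open attempts are counted
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()                # expire SYNs that fell out of the window
        if len(q) > threshold and src not in blocked:
            blocked.add(src)           # IPS action: emulate a dynamic block rule
            alerts.append({
                "time": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
                "src_ip": src, "dst_ip": dst, "dst_port": dport,
                "type": "SYN flood", "syn_count": len(q), "action": "blocked",
            })
    return alerts, blocked

def format_log(alerts):
    """Render alert records as single log lines suitable for a SIEM."""
    return [f'{a["time"]} ALERT type="{a["type"]}" src={a["src_ip"]} '
            f'dst={a["dst_ip"]}:{a["dst_port"]} syns={a["syn_count"]} '
            f'action={a["action"]}' for a in alerts]

if __name__ == "__main__":
    found, cut_off = detect_syn_flood(SAMPLE_FLOWS)
    for line in format_log(found):
        print(line)
```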


Step-by-Step Solution:
1. Identify the two key goals: real time protection from Denial of Service and detailed logging of attack attempts.
2. Evaluate whether simple router features such as auto secure or additional routers meet these goals. They generally do not provide full intrusion detection and prevention functions.
3. Recognise that an Intrusion Detection or Intrusion Prevention System is specifically designed to monitor traffic, detect attacks, and respond in real time.
4. IDS and IPS solutions also maintain event logs that record attack signatures, sources, and time of occurrence.
5. Therefore, the best solution that matches both the security and logging requirements is to implement an IDS or IPS in the network.


Verification / Alternative check:
In practice, security teams deploy host based IDS and IPS on critical servers and network based IDS and IPS in key segments of the network. Logs from these systems feed into a central security information and event management platform for correlation and reporting. During a Denial of Service attack, administrators can observe alerts in real time and verify that malicious traffic is being blocked or rate limited. This is far more precise than simply adding routers or using automatic configuration scripts and aligns directly with security best practices.


Why Other Options Are Wrong:
Add additional routers to increase path redundancy: More routers provide redundancy but do not directly detect or block Denial of Service attacks, nor do they maintain specialised attack logs.
Use the auto secure command on all routers: Auto secure is a helpful configuration tool on Cisco devices, but it does not provide comprehensive real time intrusion detection and prevention with logging of specific attacks.
Configure the Naggle algorithm on all interfaces: The correct name is Nagle; it refers to a TCP optimisation algorithm, not a security feature, and it has no relation to Denial of Service protection.
Disable all unused switch ports and rely on port security only: Disabling unused ports is good hygiene, and port security helps against some local attacks, but these measures alone do not provide full protection against distributed Denial of Service attacks from external networks.


Common Pitfalls:
Some learners assume that basic firewall rules or simple router hardening are enough to handle advanced attacks. Others confuse features like auto secure or simple logging with dedicated intrusion detection and prevention. To avoid such confusion, remember that an IDS or IPS is built specifically to recognise patterns of malicious activity and respond in real time, while also producing detailed logs that can be used for compliance and forensic analysis. It is a key component of a defence in depth strategy.


Final Answer:
Implement an Intrusion Detection and Prevention System (IDS/IPS)
