From charlesreid1

Defense of a machine falls into two main categories:

  • Intrusion Prevention
  • Incident Recovery

In the first scenario, you're working to stop intrusions before they happen: Metasploitable/Defenses/Stopping

In the second scenario, you're detecting intrusions after they happen and doing forensic work: Metasploitable/Defenses/Detecting

There are also categories of defense types:

  • On-machine defenses
  • Network defenses

For on-machine defenses, you're looking at systems and software that operate within the domain of a single computer.

For network defenses, you're analyzing an entire network, incorporating data from multiple systems and domains.