Chapter 10. Intrusion Detection

This chapter introduces you to one of the technologies that you can use to protect and defend the network: intrusion detection. Intrusion detection systems (IDSs) can be used to inspect network and host activity. An IDS can identify suspicious traffic and anomalies. The logical world of network security is not the only area in which intrusion detection is used. Intrusion detection as a technology is also used by security alarm companies, in financial and wire-fraud detection systems, and in homing systems used for guidance in artillery.

IDSs act like security guards. Just as security guards monitor the activities of humans, IDSs monitor the activity of the network. Unlike a security guard, an IDS doesn't fall asleep or call in sick. However, this does not mean that it is infallible. Any technical system has its limitations, and IDSs are no different. This chapter not only looks at the advantages and disadvantages of IDSs but also provides you with some basic hands-on skills for setting up and configuring an IDS. The IDS that is examined in this chapter is Snort. Let's start with a high-level overview of the development of intrusion detection.

Overview of Intrusion Detection and Prevention

Intrusion detection was really born in the 1980s, when James Anderson put forth the concept in a paper titled "Computer Security Threat Monitoring and Surveillance." A few years later, Dorothy Denning advanced the concept of IDS further and worked with the Department ...

Get Build Your Own Security Lab: A Field Guide for Network Testing now with the O’Reilly learning platform.