Summary

This chapter provided an introduction to the art of intrusion detection. An IDS is an important component in a defense-in-depth strategy for protecting information resources. Intrusion detection systems are analogous to burglar alarms in the physical world: both monitor for intrusions and alert designated parties when suspicious activity is detected. IDSs are an important technology because they are the only tool that can monitor in real time for network intrusions.

IDSs come in two flavors: Host IDS (HIDS) and Network IDS (NIDS). HIDSs reside on the monitored host and have privileged access to sensitive files. HIDSs use this access to monitor for unusual activity. NIDSs reside within a network and protect large portions of infrastructure ...
