7.4. NIDS Fusion

In an attempt not only to overcome the limitations of traditional NIDS but also to allow for more proactive defense, NIDS research is pushing toward the integration (or, to use the more common term of military origin, the fusion) of data. By combining the packet information (the actual information being communicated) from servers and hosts with other types of information from other sources, a NIDS can more accurately determine information about an attack. Additional data sources include the following:

Filesystem

Using Tripwire or some other type of software to create and compare file signatures can add a powerful last line of defense. Although using a filesystem IDS won't prevent a cracker from penetrating your system, ...
