Chapter Summary

This chapter has provided an overview of intrusion detection technologies. It concluded that IDSs fall into two main categories: network-based intrusion detection systems and host-based intrusion detection systems. The purpose of a network-based intrusion detection system is to analyze network traffic in real time. These systems use raw packets traveling the network as their source of information and are most often implemented as standalone, dedicated devices that have one or more network interfaces running in promiscuous mode. They usually feature an intrusion recognition module—either hardware or software—that uses one or more of the many analysis approaches, such as pattern matching, stateful ...
