
Intrusion Detection

  • Intrusion Detection is arguably the second most important layer. It is the set of tools used to find cracking activities, such as portscans, repeated attempts to log in to nonexistent accounts, repeated wrong passwords on a valid account, or malicious packets traversing the network. Intrusion Detection Systems are the sensors through which you experience the "outside world." There are two types of Intrusion Detection Systems (IDS): host-based IDS (HIDS) and network-based IDS (NIDS). Host-based IDS live on and watch individual hosts. Network-based IDS watch traffic on "the wire" and can use dedicated sensor machines placed around the network to watch for malicious activities. Properly deployed, these sensors are specialized sniffers (preferably on a receive-only hub) that report back to a centralized monitoring station, which sifts through the sensor output.
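
As an added illustration (not part of the original slide), the sketch below shows the kind of check a host-based IDS runs for two of the activities listed above: repeated logins to nonexistent accounts and repeated wrong passwords on a valid account. It assumes OpenSSH-style `sshd` log messages; the sample lines, the `detect` function and the threshold of 3 are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (assumed OpenSSH message format, documentation IPs).
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Invalid user oracle from 203.0.113.7 port 40122
Jan 10 03:12:03 host sshd[811]: Invalid user admin1 from 203.0.113.7 port 40130
Jan 10 03:12:05 host sshd[811]: Invalid user test from 203.0.113.7 port 40141
Jan 10 03:15:40 host sshd[902]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Jan 10 03:15:44 host sshd[902]: Failed password for alice from 198.51.100.23 port 51520 ssh2
Jan 10 03:15:49 host sshd[902]: Failed password for alice from 198.51.100.23 port 51533 ssh2
Jan 10 03:20:10 host sshd[950]: Failed password for bob from 192.0.2.44 port 50022 ssh2
Jan 10 03:20:15 host sshd[950]: Accepted password for bob from 192.0.2.44 port 50022 ssh2
"""

# Attempt on an account that does not exist on this host.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")
# Wrong password on an existing account ("for invalid user ..." lines are excluded).
FAILED_PW = re.compile(r"sshd\[\d+\]: Failed password for (?!invalid user )(\S+) from (\S+)")


def detect(log_text, threshold=3):
    """Return sorted (kind, key, count) alerts for counts at or above threshold."""
    unknown_by_src = Counter()  # source IP -> attempts on nonexistent accounts
    failed_by_pair = Counter()  # (account, source IP) -> wrong-password attempts
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if m:
            unknown_by_src[m.group(2)] += 1
            continue
        m = FAILED_PW.search(line)
        if m:
            failed_by_pair[(m.group(1), m.group(2))] += 1
    alerts = []
    for src, n in unknown_by_src.items():
        if n >= threshold:
            alerts.append(("nonexistent-account-probing", src, n))
    for (user, src), n in failed_by_pair.items():
        if n >= threshold:
            alerts.append(("repeated-wrong-password", f"{user}@{src}", n))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single failed password followed by a successful login (the `bob` lines) stays below the threshold and raises no alert, which is the tuning trade-off every such sensor has to make.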
