Chapter 10. Intrusion Detection
This chapter introduces you to one of the technologies that you can use to protect and defend the network: intrusion detection. Intrusion detection systems (IDSs) can be used to inspect network/host activity. An IDS can identify suspicious traffic and anomalies. The logical world of network security is not the only area in which intrusion detection is used. Intrusion detection as a technology is also used by security alarm companies, in financial and wire-fraud detection systems, and in homing systems used for guidance in artillery.
IDSs act like security guards. Just as security guards monitor the activities of humans, IDSs monitor the activity of the network. Unlike a security guard, an IDS doesn't fall asleep or call in sick. However, this does not mean that they are infallible. Any technical system has its limitations, and IDSs are no different. This chapter not only looks at the advantages and disadvantages of IDSs but also provides you with some basic hands-on skills for setting up and configuring an IDS. The IDS that is examined in this chapter is Snort. Let's start with a high-level overview of the development of intrusion detection.
Overview of Intrusion Detection and Prevention
Intrusion detection was really born in the 1980s, when James Anderson put forth the concept in a paper titled "Computer Security Threat Monitoring and Surveillance." A few years later, Dorothy Denning advanced the concept of IDS further and worked with the Department ...
Get Build Your Own Security Lab: A Field Guide for Network Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.