Intrusion detection systems (IDS) are designed to detect and thwart network attacks. Based on their location, they can be either of the following:
Network IDS— Examines or sniffs every packet flowing across the network and generates an alarm upon detection of a network attack signature.
Host IDS— Examines operating system information such as logs or system process, against a base line. When the system deviates from the normal values because of an attack, alarms are generated.
Chapter 6 defines some of the intrusion detection mechanisms you can use in an IP network, namely NetRanger.
Cisco IDS delivers a comprehensive, pervasive security solution for combating unauthorized intrusions, malicious Internet worms, and bandwidth ...