Chapter 3. Intrusion Detection Concepts
Upon completion of this chapter, you will be able to perform the following tasks:
Describe the basic types of devices used to capture traffic for your IDS sensors
Explain the commands used to monitor network traffic using SPAN
Explain the difference between using SPAN and RSPAN
Explain the commands used to monitor network traffic using VACLs
Identify the steps used to define a VACL
Before deploying an intrusion detection system (IDS), you must understand the benefits that an IDS provides. An IDS is software and possibly hardware that detects attacks against your network. Besides detecting attacks, most IDSs also provide some type of active response to the attacks, such as resetting TCP connections and updating ...