Chapter 3. Intrusion Detection Concepts

Upon completion of this chapter, you will be able to perform the following tasks:

  • Describe the basic types of devices used to capture traffic for your IDS sensors

  • Explain the commands used to monitor network traffic using SPAN

  • Explain the difference between using SPAN and RSPAN

  • Explain the commands used to monitor network traffic using VACLs

  • Identify the steps used to define a VACL

Before deploying an intrusion detection system (IDS), you must understand the benefits that an IDS provides. An IDS is software and possibly hardware that detects attacks against your network. Besides detecting attacks, most IDSs also provide some type of active response to the attacks, such as resetting TCP connections and updating ...

Get CCSP Self-Study: Cisco Secure Intrusion Detection System (CSIDS) now with O’Reilly online learning.
