Mac® Security Bible by Joe Kissell

22.2. Network Intrusion Detection Systems

The first type of network monitoring in this chapter's parade of acronyms is the network intrusion detection system, or NIDS. Intrusion refers to any sort of unauthorized access — but, in particular, a NIDS may look for evidence of things such as network mapping, port scanning (even of the stealth variety that specifically seeks to evade detection), fingerprinting, repeated unsuccessful login attempts, floods of data intended as a denial-of-service (DoS) attack, services commonly associated with malware of various sorts, and other behaviors that might rightly worry a network administrator.

NOTE

I discuss network mapping, port scanning, and fingerprinting in Chapter 20. They're useful techniques for you to try on your own network, but your goal should be to use techniques such as a NIDS to improve your network's defenses to the point where even you can't successfully execute a network map or port scan on your Macs from another computer on your network! A perfect port scanner could defeat any NIDS, and a perfect NIDS could detect any port scanner — but perfect tools of either sort don't exist.

At first glance, a NIDS may seem to accomplish the same thing as a firewall. Both aim to help you keep out unwanted traffic, so to that extent, they're in the same general category. However, firewalls are generally static and dumb. They do what you tell them to do, such as blocking all incoming access from a certain IP address or to a certain port, ...
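To make the behaviors listed above concrete, here is an added example (not from the book) of the kind of stateful check a NIDS performs where a static firewall rule would not: flagging a source that touches many distinct ports, or repeatedly fails to log in, within a sliding time window. The event format, thresholds, and function names are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

# Assumed thresholds (hypothetical; tune for your own network).
WINDOW = 10.0          # seconds of history kept per source
PORT_THRESHOLD = 5     # distinct destination ports => port-scan alert
LOGIN_THRESHOLD = 3    # failed logins => repeated-login alert

def detect(events):
    """events: iterable of (timestamp, src_ip, dst_port, kind), sorted by time;
    kind is 'conn' or 'login_fail'. Returns a list of (timestamp, src_ip, alert)."""
    ports = defaultdict(deque)   # src -> deque of (ts, dst_port) inside the window
    fails = defaultdict(deque)   # src -> deque of failure timestamps inside the window
    active = set()               # (src, alert) pairs currently over threshold
    alerts = []

    def update(src, name, over, ts):
        # Alert once when a source crosses the threshold, re-arm when it drops back.
        key = (src, name)
        if over and key not in active:
            active.add(key)
            alerts.append((ts, src, name))
        elif not over:
            active.discard(key)

    for ts, src, port, kind in events:
        if kind == "conn":
            q = ports[src]
            q.append((ts, port))
            while q and ts - q[0][0] > WINDOW:
                q.popleft()
            update(src, "port_scan", len({p for _, p in q}) >= PORT_THRESHOLD, ts)
        elif kind == "login_fail":
            q = fails[src]
            q.append(ts)
            while q and ts - q[0] > WINDOW:
                q.popleft()
            update(src, "repeated_login_failure", len(q) >= LOGIN_THRESHOLD, ts)
    return alerts

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    (0.0, "192.0.2.10", 22, "conn"), (0.5, "192.0.2.10", 80, "conn"),
    (1.0, "192.0.2.10", 443, "conn"), (1.2, "198.51.100.7", 443, "conn"),
    (1.5, "192.0.2.10", 548, "conn"), (2.0, "192.0.2.10", 5900, "conn"),
    (3.0, "203.0.113.5", 22, "login_fail"), (20.0, "203.0.113.5", 22, "login_fail"),
    (21.0, "203.0.113.5", 22, "login_fail"), (22.0, "203.0.113.5", 22, "login_fail"),
]

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```
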
