7.3. Host-Based IDS

Until now we have focused on intrusion detection systems that run on a dedicated server and monitor all passing network traffic. These devices control traffic within an entire collision domain. Host-based IDS products, by contrast, are designed to protect only a single system.

A host-based IDS functions similarly to a virus scanner. The software runs as a background process on the system you want to protect and attempts to detect suspicious activity. Suspicious activity can include an attempt to pass unknown commands through an HTTP request or even a modification to the file system. When suspicious activity is detected, the IDS can attempt to terminate the attacking session and send an alert to the system administrator.

7.3.1.

7.3.1.1. ...

Get Mastering™ Network Security, Second Edition now with the O’Reilly learning platform.
