7.1. IDS Types

Traditionally, IDS has all been about analyzing network traffic to look for evidence of attack. Increasingly, however, IDS is also about scanning access logs and analyzing the characteristics of files to see if they have been compromised. And IDS has even been extended to the concept of honeypots—a fake network used to attract and distract crackers from the real network, all the while monitoring their actions.

The types of IDSs are categorized as follows:

Network Intrusion Detection System (NIDS)

Analyzes packets on a network and tries to determine if a cracker is trying to break into a system or cause a denial of service (DoS) attack. An NIDS typically runs on a hub or a router, analyzing all traffic flowing through that device. ...

Get Mastering™ Network Security, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.