7.1. IDS Types
Traditionally, IDS has all been about analyzing network traffic to look for evidence of attack. Increasingly, however, IDS is also about scanning access logs and analyzing the characteristics of files to see if they have been compromised. And IDS has even been extended to the concept of honeypots—a fake network used to attract and distract crackers from the real network, all the while monitoring their actions.
The types of IDSs are categorized as follows:
Network Intrusion Detection System (NIDS)
Analyzes packets on a network and tries to determine if a cracker is trying to break into a system or cause a denial of service (DoS) attack. An NIDS typically runs on a hub or a router, analyzing all traffic flowing through that device. ...
Get Mastering™ Network Security, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
