IDS Theory
In this section we introduce a practical mathematical model for evaluating and deploying IDSs in your network. This section is based on methods from statistics, which we have adapted to the information security realm.
IDS Limitations
Because of the nature of IDSs, they will always be at a disadvantage. Hackers can always engineer new exploits that are not yet detected by existing signature databases. In addition, as with virus scanners, keeping signatures up to date is a major problem. Furthermore, network IDSs are expected to cope with massive bandwidth. Maintaining state in a high-traffic network becomes prohibitive in terms of memory and processing cost.
Moreover, monitoring “switched networks” is problematic because switches ...
Get Maximum Wireless Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.