IDS Theory

In this section we introduce a practical mathematical model for evaluating and deploying IDSs in your network. This section is based on methods from statistics, which we have adapted to the information security realm.

IDS Limitations

Because of the nature of IDSs, they will always be at a disadvantage. Hackers can always engineer new exploits that are not yet detected by existing signature databases. In addition, as with virus scanners, keeping signatures up to date is a major problem. Furthermore, network IDSs are expected to cope with massive bandwidth. Maintaining state in a high-traffic network becomes prohibitive in terms of memory and processing cost.

Moreover, monitoring “switched networks” is problematic because switches ...

Get Maximum Wireless Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.