Skip to Main Content
Network Security First-Step, Second Edition
book

Network Security First-Step, Second Edition

by Thomas M. Thomas, Donald Stoddard
December 2011
Beginner content levelBeginner
552 pages
13h 30m
English
Cisco Press
Content preview from Network Security First-Step, Second Edition

How Are Intrusions Detected?

An IDS has a special implementation of TCP/IP that enables it to gather the packets and then reassemble them for analysis. It is not enough to simply sniff the packets; an IDS must examine them. An IDS can use one of three methods to detect intrusion:

• Pattern matching or signature-based

• Statistical anomaly-based

• Stateful protocol analysis

A pattern matching or signature-based model uses a set of rules, or signature, to detect an attack in progress. A device used for intrusion detection is loaded with a set of signatures. Each signature contains information about the kind of activity to look for in traffic passing through the network to detect whether an attack is under way. When the traffic passing through matches ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Network Security Auditing

Network Security Auditing

Chris Jackson - CCIE No. 6256
Security and Privacy in Cyber-Physical Systems

Security and Privacy in Cyber-Physical Systems

Houbing Song, Glenn A. Fink, Sabina Jeschke

Publisher Resources

ISBN: 9781587204142Purchase book