Skip to Main Content
Network Security Hacks
book

Network Security Hacks

by Andrew Lockhart
April 2004
Intermediate to advanced content levelIntermediate to advanced
320 pages
9h 10m
English
O'Reilly Media, Inc.
Content preview from Network Security Hacks

Chapter 7. Network Intrusion Detection

Hacks #82-95

One class of tools that’s come to the forefront in network security in recent years is network intrusion detection systems (NIDS). These systems can be deployed on your network and monitor the traffic until they detect suspicious behavior, when they spring into action and notify you of what is going on. They are excellent tools to use in addition to your logs, since a network IDS can often spot an attack before it reaches the intended target or has a chance to end up in your logs.

Currently, there are two main types of NIDS. The first type detects intrusions by monitoring the traffic for specific byte patterns that are similar to known attacks. A NIDS that operates in this manner is known as a signature-based intrusion detection system. The other type of network IDS is a statistical monitor. These monitor the traffic on the network, but instead of looking for a particular pattern or signature, they maintain a statistical history of the packets that pass through your network, and report when they see a packet that falls outside of the normal network traffic pattern. NIDS that employ this method are known as anomaly-based intrusion detection systems.

In this chapter you’ll learn how to set up Snort, a signature-based IDS. You’ll also learn how to set up Snort with SPADE, which adds anomaly-detection capabilities to Snort, giving you the best of both worlds. This chapter also demonstrates how to set up several different applications ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Linux: Powerful Server Administration

Linux: Powerful Server Administration

Uday Sawant, Oliver Pelz, Jonathan Hobson, William Leemans

Publisher Resources

ISBN: 0596006438Catalog PageErrata