Cisco currently provides IDSs in two flavors—network intrusion detection and host intrusion detection. Generally, it is advisable to start by implementing IDS in a network using the network-based variety because it has less impact on the network bandwidth and also doesn't consume CPU resources on individual servers. As soon as the network IDS is operational, based on specific requirements for servers that need to be protected from attacks, host IDS can be implemented on specific machines.
This chapter concentrates on Cisco's network-based intrusion detection. You are encouraged to look at the following URL for details on the host IDS:
Cisco's intrusion ...