3. Intrusion Detection Systems
For readers not already familiar with the basic concepts of an Intrusion Detection/PreventionSystem (IDS/IPS), the following brief overview enables you to wisely use the rest of this chapter. Numerous publications revolve around Snort how-to books, IDS configurations, and sensor placement, and although some overlap of material is inevitable, this chapter attempts to refrain from reinventing the wheel and regurgitating that same literature. Instead, this chapter provides potentially new insight into common evasion techniques, detection strategies (signature versus anomaly), and deeply digs into signature analysis. This chapter finishes up with a side-by-side, apple-to-orange comparison of Snort and Bro—both are ...
Get Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.