Intrusion Detection Systems

Intrusion detection systems (IDSs) provide continuous monitoring protection for networks and hosts against attacks. The goal is to detect an attack as it’s occurring. Some IDSs are passive and provide a notification of a potential attack, and other IDSs are active and will thwart the attack in progress.

imageTIP An active IDS is now commonly referred to as an intrusion prevention system (IPS). IPSs are covered later in this section.

IDSs are categorized as network-based or host-based. A network-based IDS (NIDS) monitors network traffic while a host-based IDS (HIDS) monitors traffic for an individual system such as a server ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.