10.5. Intrusion Detection Systems
IDSs are increasingly popular additions to network security. An IDS is used to search for patterns that may indicate an attack on a network. Unlike firewalls, which are designed to block suspect information, an IDS only issues a warning.
Generally, an IDS is placed at the edge of the network (Figure 10.7), so it can monitor all traffic in and out of the WAN. This is known as a network IDS (NIDS). An IDS installed on a server that is used to monitor connections to that server only is known as a host-based IDS. Most networks use a combination of host-based IDS and NIDS, because a single NIDS on the edge of the network may have trouble processing all of the incoming traffic. The NIDS is used to get the state of ...
Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
