Questions about this topic? Sign up to ask in the talk tab.

IDS

From NetSec
Revision as of 05:49, 19 September 2011 by MargeryLeddy (Talk | contribs)

Jump to: navigation, search

Intrusion Detection Systems, or IDS, are defense mechanisms focused on analyzing the network traffic to detect anomalies or suspicious behavior, generating alerts when any of these situations occurs.

IDS are used to detect attacks aimed either to a network or to a specific host. See Also: IPS, NIDS, and HIDS.

Tools:

Cisco IDS NIDS

 Cisco IDS - A network layer intrusion detection system based off of tcpdump with signature support.

Snort NIDS

 Snort - A network layer intrusion detection system based off of libpcap with signature support and preprocessor support.

OSSEC HIDS

 OSSEC - A host-based intrusion detection system that utilizies log analysis combined with integrity checksums and rootkit detection engines.

Samhain HIDS

 Samhain - A file integrity checking application similar to OSSEC

Nepenthes HIDS

 Nepenthes - A malware connection utility similar to HoneyD

HoneyD HIDS

 HoneyD - A tool for collecting malware and tricking attackers into thinking they've performed a successful attack.