
Difference between revisions of "IDS"

From NetSec
- Intrusion Detection Systems
+ Intrusion Detection Systems, or IDS, are defense mechanisms focused on analyzing the network traffic to detect anomalies or suspicious behavior, generating alerts when any of these situations occurs.

- IDS are used to detect attacks aimed at a network or host.  See Also: [[IPS]], [[NIDS]], and [[HIDS]].
+ IDS are used to detect attacks aimed either to a network or to a specific host.  See Also: [[IPS]], [[NIDS]], and [[HIDS]].

  Tools:

Revision as of 06:49, 19 September 2011

Intrusion Detection Systems, or IDS, are defensive mechanisms that analyze network traffic or host activity to detect anomalies or suspicious behavior, generating an alert whenever such a condition is found. An IDS only alerts; unlike an IPS it does not block the traffic it flags, so its value depends on someone (or something) acting on the alerts.

IDS are used to detect attacks aimed either at a network as a whole (NIDS) or at a specific host (HIDS). See Also: IPS, NIDS, and HIDS.
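To make the definition concrete, here is a small network-side detector that combines the two approaches named above: signature matching (a byte pattern in a packet payload) and anomaly detection (one source touching too many ports in a short window). It is an example added to this page, not code from the NetSec wiki or from any of the tools listed below; the rule set in SIGNATURES, the scan thresholds SCAN_PORTS and SCAN_WINDOW, and the traffic built by sample_traffic() are all constructed for illustration.

```python
"""Minimal signature-plus-anomaly NIDS over constructed packet records (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes = b""


@dataclass
class Alert:
    ts: float
    src: str
    dst: str
    sid: int
    msg: str


# Signature rules in the spirit of a Snort "content" match: (sid, proto, dport or None, pattern, msg).
# Hypothetical rules written for this example, not a real rule set.
SIGNATURES = [
    (1000001, "tcp", 80, b"/etc/passwd", "web: path traversal attempt"),
    (1000002, "tcp", 80, b"' OR '1'='1", "web: SQL injection probe"),
    (1000003, "tcp", None, b"\x90" * 16, "shellcode: NOP sled"),
]

# Anomaly rule: more than SCAN_PORTS distinct destination ports from one source to one
# destination within SCAN_WINDOW seconds is treated as a port scan. Thresholds are assumptions.
SCAN_PORTS = 10
SCAN_WINDOW = 5.0


class Detector:
    def __init__(self):
        self._seen = defaultdict(deque)   # (src, dst) -> deque of (ts, dport) inside the window
        self._scan_alerted = set()        # (src, dst) pairs already reported, to avoid alert storms

    def inspect(self, pkt):
        alerts = []
        # 1. Signature matching: every rule whose proto/port match is tested against the payload.
        for sid, proto, dport, pattern, msg in SIGNATURES:
            if pkt.proto == proto and (dport is None or pkt.dport == dport) and pattern in pkt.payload:
                alerts.append(Alert(pkt.ts, pkt.src, pkt.dst, sid, msg))
        # 2. Anomaly detection: sliding window of distinct ports per (src, dst).
        key = (pkt.src, pkt.dst)
        window = self._seen[key]
        window.append((pkt.ts, pkt.dport))
        while window and pkt.ts - window[0][0] > SCAN_WINDOW:
            window.popleft()              # drop observations that fell out of the window
        ports = {p for _, p in window}
        if len(ports) > SCAN_PORTS and key not in self._scan_alerted:
            self._scan_alerted.add(key)
            alerts.append(Alert(pkt.ts, pkt.src, pkt.dst, 2000001,
                                f"scan: {len(ports)} ports in {SCAN_WINDOW}s"))
        return alerts


def run(packets):
    """Feed packets through one Detector in timestamp order and collect all alerts."""
    det = Detector()
    out = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        out.extend(det.inspect(pkt))
    return out


def sample_traffic():
    """Constructed traffic: one benign request, one traversal attempt, one TLS hello,
    a fast 15-port scan, and a slow 12-port probe that stays under the window threshold."""
    pkts = [
        Packet(0.0, "10.0.0.5", "10.0.0.20", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
        Packet(0.1, "10.0.0.5", "10.0.0.20", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet(0.2, "10.0.0.7", "10.0.0.20", 443, "tcp", b"\x16\x03\x01"),
    ]
    pkts += [Packet(1.0 + i * 0.1, "10.0.0.9", "10.0.0.20", 20 + i, "tcp") for i in range(15)]
    pkts += [Packet(10.0 + i * 5.0, "10.0.0.11", "10.0.0.20", 100 + i, "tcp") for i in range(12)]
    return pkts


if __name__ == "__main__":
    for a in run(sample_traffic()):
        print(f"[{a.ts:5.1f}] sid={a.sid} {a.src} -> {a.dst}: {a.msg}")
```

Two things worth noticing in the output: the traversal signature fires on the second packet but not on the benign first one, and the slow probe from 10.0.0.11 never trips the scan rule because only two of its ports ever fall inside one 5-second window. That second case is exactly the evasion a fixed-window anomaly rule permits, and the reason real NIDS deployments tune thresholds against observed traffic rather than guessing them.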

Tools:

Cisco IDS (NIDS)

 Cisco IDS - A network-based intrusion detection system, based on tcpdump, with signature support.

Snort (NIDS)

 Snort - A network-based intrusion detection system built on libpcap, with signature (rule) support and preprocessors that decode and normalize traffic (fragment and stream reassembly, HTTP normalization) before the rules are matched.

OSSEC (HIDS)

 OSSEC - A host-based intrusion detection system that combines log analysis with file integrity checksums and rootkit detection engines.

Samhain (HIDS)

 Samhain - A file integrity checking application similar to OSSEC.

Nepenthes (honeypot)

 Nepenthes - A low-interaction honeypot that emulates known vulnerabilities in order to capture the malware an attacker tries to deliver; comparable to HoneyD.

HoneyD (honeypot)

 HoneyD - A low-interaction honeypot that creates virtual hosts emulating operating systems and services, logging attacker activity and tricking attackers into thinking they've performed a successful attack.
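The host-based entries above (OSSEC's log analysis combined with integrity checksums, and Samhain's file integrity checking) boil down to two mechanisms: a hashed baseline of the filesystem that is compared against a later snapshot, and a rule that counts security-relevant log events per source over a time window. The following block, added here as an example and not code from OSSEC, Samhain or the NetSec wiki, implements both. The directory tree in integrity_demo(), the sshd lines in SAMPLE_AUTH_LOG, the regular expression AUTH_RE and the thresholds FAIL_THRESHOLD and FAIL_WINDOW_SECONDS are all constructed or assumed for illustration.

```python
"""Host-based detection (added example): file-integrity baseline plus auth-log analysis."""
import hashlib
import os
import re
import tempfile
from collections import defaultdict
from datetime import datetime


def hash_tree(root):
    """Return {relative_path: sha256hex} for every regular file under root."""
    snapshot = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            snapshot[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return snapshot


def diff_baseline(old, new):
    """Classify the differences between a baseline snapshot and a later one."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "deleted": sorted(p for p in old if p not in new),
    }


def integrity_demo():
    """Build a small constructed tree, baseline it, tamper with it, and report the changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)

        write("etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        write("etc/ssh/sshd_config", b"PermitRootLogin no\n")
        write("bin/ls", b"\x7fELF original\n")
        baseline = hash_tree(root)
        # Simulated tampering: trojaned binary, weakened config, dropped backdoor, removed file.
        write("bin/ls", b"\x7fELF trojaned\n")
        write("etc/ssh/sshd_config", b"PermitRootLogin yes\n")
        write("tmp/.x/backdoor", b"#!/bin/sh\n")
        os.remove(os.path.join(root, "etc/passwd"))
        return diff_baseline(baseline, hash_tree(root))


# Syslog-style sshd lines. The pattern is an assumption covering the common
# "Failed/Accepted password for [invalid user] NAME from IP" form.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
FAIL_THRESHOLD = 5          # hypothetical thresholds, not any tool's defaults
FAIL_WINDOW_SECONDS = 120


def analyze_auth_log(lines, year=2011):
    """Alert once per source IP that reaches FAIL_THRESHOLD failed logins inside FAIL_WINDOW_SECONDS.
    Returns a list of (ip, failure_count, timestamp_of_alert)."""
    failures = defaultdict(list)
    alerted = set()
    alerts = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m or m["result"] != "Failed":
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
        ip = m["ip"]
        window = failures[ip]
        window.append(ts)
        window[:] = [t for t in window if (ts - t).total_seconds() <= FAIL_WINDOW_SECONDS]
        if len(window) >= FAIL_THRESHOLD and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, len(window), ts))
    return alerts


# Constructed sample log lines, not from a real host.
SAMPLE_AUTH_LOG = [
    "Sep 19 06:40:01 host1 sshd[2101]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "Sep 19 06:41:10 host1 sshd[2110]: Failed password for root from 203.0.113.8 port 40001 ssh2",
    "Sep 19 06:41:12 host1 sshd[2111]: Failed password for invalid user admin from 203.0.113.8 port 40002 ssh2",
    "Sep 19 06:41:15 host1 sshd[2112]: Failed password for root from 203.0.113.8 port 40003 ssh2",
    "Sep 19 06:41:17 host1 sshd[2113]: Failed password for root from 203.0.113.8 port 40004 ssh2",
    "Sep 19 06:41:20 host1 sshd[2114]: Failed password for root from 203.0.113.8 port 40005 ssh2",
    "Sep 19 06:45:00 host1 sshd[2120]: Failed password for bob from 10.0.0.6 port 51300 ssh2",
    "Sep 19 06:55:00 host1 sshd[2121]: Failed password for bob from 10.0.0.6 port 51301 ssh2",
]

if __name__ == "__main__":
    print(integrity_demo())
    print(analyze_auth_log(SAMPLE_AUTH_LOG))
```

The integrity check reports bin/ls and etc/ssh/sshd_config as modified, tmp/.x/backdoor as added and etc/passwd as deleted; the log rule fires once for 203.0.113.8 after its fifth failure and stays quiet for bob's two mistyped passwords ten minutes apart. A real deployment has to store the baseline somewhere the attacker cannot rewrite it (a read-only medium or a remote manager, which is why OSSEC uses an agent/server split) and must also watch metadata such as ownership and mode, not just content hashes.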