Ask the Expert

How do intrusion detection systems work?

How do intrusion detection systems work?

    Requires Free Membership to View

Intrusion detection systems are used to detect anomalies with the aim of catching hackers before they do real damage to your network. They can be either network- or host-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system resides on the network.

intrusion detection systems work by either looking for signatures of known attacks or deviations of normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and application layer. They can effectively detect things such as Xmas tree scans, DNS poisonings, and other malformed packets.

A good network based intrusion detection systems is SNORT. It is free and will run on Linux and Windows computers. One simple way to set it up is to span a port, and allow that port to capture all traffic that traverses that node of the network. Install SNORT on your OS of choice and connect it to that portion of the network with a "receive only" network cable. Once you configure your rules set, you will be ready to go!

This was first published in November 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: