Problem solve Get help with specific problems with your technologies, process and projects.

How do intrusion detection systems work?

How do intrusion detection systems work?

Intrusion detection systems are used to detect anomalies with the aim of catching hackers before they do real damage to your network. They can be either network- or host-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system resides on the network.

intrusion detection systems work by either looking for signatures of known attacks or deviations of normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and application layer. They can effectively detect things such as Xmas tree scans, DNS poisonings, and other malformed packets.

A good network based intrusion detection systems is SNORT. It is free and will run on Linux and Windows computers. One simple way to set it up is to span a port, and allow that port to capture all traffic that traverses that node of the network. Install SNORT on your OS of choice and connect it to that portion of the network with a "receive only" network cable. Once you configure your rules set, you will be ready to go!

This was last published in November 2004

Dig Deeper on Network Security Best Practices and Products

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.





  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...