Problem solve Get help with specific problems with your technologies, process and projects.

How do intrusion detection systems work?

How do intrusion detection systems work?

Intrusion detection systems are used to detect anomalies with the aim of catching hackers before they do real damage to your network. They can be either network- or host-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system resides on the network.

intrusion detection systems work by either looking for signatures of known attacks or deviations of normal activity. These deviations or anomalies are pushed up the stack and examined at the protocol and application layer. They can effectively detect things such as Xmas tree scans, DNS poisonings, and other malformed packets.

A good network based intrusion detection systems is SNORT. It is free and will run on Linux and Windows computers. One simple way to set it up is to span a port, and allow that port to capture all traffic that traverses that node of the network. Install SNORT on your OS of choice and connect it to that portion of the network with a "receive only" network cable. Once you configure your rules set, you will be ready to go!

Dig Deeper on Network Security Best Practices and Products

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.