intrusion. An IDS works like a burglar alarm: when it detects a possible intrusion it raises an alert that should
prompt an administrator to investigate further, which may include computer forensics and, ultimately, prosecution.
A host-based IDS (HIDS) monitors activity on a single host (its traffic, logs and files). A network-based IDS (NIDS)
monitors all traffic passing a chosen network "point", typically fed from a tap or mirror port.
An Intrusion Prevention System (IPS) is a device (or software) that sits inline and exercises access control to
protect computers or networks from exploitation. Intrusion prevention is often described as an extension of IDS
technology, and it uses the same detection methods, but functionally it is another form of access control, like an
application-layer firewall: it decides whether traffic is forwarded. A host-based IPS enforces this on a single host
(computer). A network-based IPS enforces it at a network "point" through which the traffic must pass.
As the names imply, an IDS detects suspicious packets and alerts the security administrator, while an IPS stops
suspicious packets from entering the system or network. The trade-off: an IDS is passive, so an administrator can
only react after the attack has occurred, which may be too late. An IPS can block the attack before it lands, but
because it acts on the same imperfect signatures, a "false positive" now blocks legitimate traffic instead of merely
raising an alert, and an inline device is also a latency and availability concern. A common practice is to run new
rules in alert-only mode and promote them to drop only once their false-positive rate on real traffic is known.
IDS Defined
  (University of Alabama in Huntsville)
About IDS
IDS components
IPS Defined
IDS & IPS together  (Opening ad)
Maximize IDS/IPS
Trends in IDS/IPS
HIDS vs. NIDS  (Host-based IDS vs. Network-based IDS)
IDS FAQ
_______________________________________________________________________________________________
Snort
Snort is an open source network intrusion detection and prevention system built around a rule-driven language
that combines signature, protocol and anomaly based inspection methods. It performs real-time traffic analysis
and packet logging on IP networks, including protocol analysis and content searches, and can detect a variety of
attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes and OS fingerprinting
attempts. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention
technology worldwide and has become the de facto standard for the industry.
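To make the rule-driven, content-based matching concrete, and to show the IDS-versus-IPS trade-off from the section above in code, here is an added example (not Snort's own code and not part of the original page): a minimal parser for a subset of Snort's rule syntax (action, protocol, ports, and the msg/content/sid options, including |hex| content bytes) run over constructed packets in alert-only mode and in inline drop mode. The rules, SIDs, addresses and payloads are invented for illustration; the port-80 rule is deliberately broad so that a legitimate request trips it.

```python
"""Snort-style rule matching in IDS vs. IPS mode (added example, not Snort code).

In IDS mode a match only raises an alert and every packet passes; in IPS
mode a matching 'drop' rule blocks the packet, so a rule that fires on
legitimate traffic (a false positive) blocks that traffic too.
"""
import re
from dataclasses import dataclass

# Subset of Snort rule syntax: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass)\s+(?P<proto>tcp|udp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

@dataclass
class Rule:
    action: str
    proto: str
    dport: str
    msg: str
    content: bytes
    sid: int

def parse_content(spec):
    """Snort content syntax: literal text with |hex bytes| segments, e.g. '|FF|SMB'."""
    out = b""
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out

def parse_rule(text):
    """Parse one rule line into a Rule; raises on syntax outside the subset."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    opts = {}
    for opt in m.group("opts").split(";"):
        if ":" in opt:
            key, val = opt.split(":", 1)
            opts[key.strip()] = val.strip().strip('"')
    return Rule(m.group("action"), m.group("proto"), m.group("dport"),
                opts.get("msg", ""), parse_content(opts["content"]),
                int(opts["sid"]))

def matches(rule, pkt):
    """Protocol, destination port and content must all match (source side is 'any' here)."""
    return (rule.proto in ("ip", pkt.proto)
            and (rule.dport == "any" or int(rule.dport) == pkt.dport)
            and rule.content in pkt.payload)

def inspect(rules, packets, mode):
    """Return (alerts, passed_packets). mode is 'ids' (alert only) or 'ips' (inline)."""
    alerts, passed = [], []
    for pkt in packets:
        blocked = False
        for rule in rules:
            if matches(rule, pkt):
                alerts.append((rule.sid, rule.msg, pkt.src))
                # Only an inline IPS can act on a 'drop' action; an IDS can only alert.
                if mode == "ips" and rule.action == "drop":
                    blocked = True
        if not blocked:
            passed.append(pkt)
    return alerts, passed

# Hypothetical rules (sids in the local 1000000+ range) and constructed packets.
RULES = [parse_rule(r) for r in (
    'drop tcp any any -> any 80 (msg:"CGI request"; content:"/cgi-bin/"; sid:1000001;)',
    'alert tcp any any -> any 445 (msg:"SMB probe"; content:"|FF|SMB"; sid:1000002;)',
)]
PACKETS = [
    Packet("tcp", "203.0.113.7", 40000, "192.0.2.10", 80,
           b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n"),
    # Legitimate request that also contains "/cgi-bin/": the false positive.
    Packet("tcp", "198.51.100.5", 40001, "192.0.2.10", 80,
           b"GET /cgi-bin/status.cgi HTTP/1.1\r\n"),
    Packet("tcp", "203.0.113.8", 40002, "192.0.2.11", 445,
           b"\x00\x00\x00\x85\xffSMBr\x00"),
    Packet("tcp", "198.51.100.6", 40003, "192.0.2.12", 443,
           b"\x16\x03\x01\x00\xc8"),
]

def run_example():
    """Run the same rules and traffic in both modes; result keyed by mode."""
    return {mode: inspect(RULES, PACKETS, mode) for mode in ("ids", "ips")}
```

In IDS mode all four packets pass and three alerts are raised; in IPS mode the same three alerts fire, but both port-80 requests are dropped, including the legitimate status.cgi request, which is the false-positive cost the section above describes. Real Snort rules carry far more matching options (offsets, PCRE, flow state, thresholds), which is exactly what narrows a rule like the port-80 one enough to be safe in drop mode.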
Home
About
Terms of Use
Free Download  (Unix/Linux)
Free Download  (Windows)
Download Rules
Setup guides
Windows-based Snort documentation
Windows-based Snort forums
Running Snort under Windows  (SANS FAQ)
Whitepaper  (SANS Reading Room)
_______________________________________________________________________________________________
Other Downloads
NetworkWorld Rated Downloads
AirSnare IDS  (Wireless)