Intrusion Detection in Depth

This chapter focuses on the importance of taking a proactive stance in detecting problems before they occur. Intrusion Detection Systems (IDS) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network and analyzing them for signs of security problems. The chapter discusses the basics of intrusion detection, the differences between host-based and network-based IDS, and the core components of an IDS. When an intrusion is detected in a network, a series of steps needs to be taken immediately to contain or prevent further damage. Active IDS responses are defined by one or more automated actions that are taken when certain types of intrusions are detected. Passive IDS responses provide information to system users, relying on humans to take subsequent action based on that information. The chapter also reviews some of the types of attacks one needs to understand and, from a hacker's perspective, how these types of attacks can be initiated.