Intrusion Detection Systems

In my previous post I talked about a IDS. IDS is a system that is used to monitor your network or hosts for behaviour that is out of the norm. They look for known attacks and alert you. You can usually have a back end database to store this information.

IDS systems can protect against zero day exploits, directory traversal, SQL injection attacks, buffer overflows, worms and othe Mal ware.

A good IDS should be able to do the following:

1. Deep Packet Inspection
2. Behaviour analysis
3. Logging

SNORT is a great and free IDS. It can do network analysis and logging.

There are plenty of books availiable to learn and configure SNORT.

Cisco also has a IDS, they call it IPS or Intrusion Prevention System.