
Intrusion-Detection Systems (IDS)

An IDS is designed to function as an access-control monitor. It can monitor network or host activity and record which users attempt to access specific network resources. An IDS can be configured to scan for attacks, track a hacker's movements, alert an administrator to ongoing attacks, and highlight possible vulnerabilities that need to be addressed. IDSs can be divided into two broad categories: network-based intrusion-detection systems (NIDS) and host-based intrusion-detection systems (HIDS).

IDSs are like 3-year-olds: they require constant care and nurturing, and don't do well if left alone. I say this because an IDS takes a considerable amount of time to tune and monitor. The two biggest problems with IDSs are false positives and false negatives. A false positive occurs when the IDS triggers an alarm for normal traffic. For example, if you go to your local mall parking lot, you're likely to hear some car alarms going off; those alarms are false positives. False positives are a big problem because they desensitize the administrator. False negatives are even worse. A false negative occurs when a real attack has occurred and the IDS never picked it up.
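The tuning trade-off between false positives and false negatives, as an added example that is not from the book: a failed-login threshold rule is scored against constructed events at three threshold settings. The log format, the addresses and the ground-truth labels are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed auth events (not real logs): "<status> user=<name> src=<ip>".
LOG = (
    ["FAIL user=alice src=10.0.0.5"] * 1      # one mistyped password
    + ["FAIL user=bob src=10.0.0.8"] * 4      # stale saved password retrying
    + ["OK user=carol src=10.0.0.9"] * 2      # normal logins
    + ["FAIL user=root src=192.0.2.10"] * 40  # noisy password guessing
    + ["FAIL user=admin src=192.0.2.77"] * 3  # slow guessing, few attempts
)
# Ground truth an analyst would establish after investigation (assumed here).
ATTACKERS = {"192.0.2.10", "192.0.2.77"}

LINE = re.compile(r"^(OK|FAIL) user=(\S+) src=(\S+)$")


def failures_by_source(lines):
    """Count failed logins per source; every source seen gets an entry."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not parse
        status, _user, src = m.groups()
        counts[src] += status == "FAIL"  # adds 1 for FAIL, 0 for OK
    return counts


def score(threshold, lines=LOG, attackers=ATTACKERS):
    """Alert on sources with >= threshold failures, then compare with ground truth."""
    result = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for src, fails in failures_by_source(lines).items():
        alerted, hostile = fails >= threshold, src in attackers
        key = ("TP" if hostile else "FP") if alerted else ("FN" if hostile else "TN")
        result[key] += 1
    return result


if __name__ == "__main__":
    # A low threshold alarms on a legitimate user; a high one misses attacks.
    for t in (2, 5, 50):
        print(f"threshold={t:>2}: {score(t)}")
```

No single threshold in this sample clears both error types: the setting that removes the false positive is the one that lets the slow guesser through.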


  
