Chapter 3. Intrusion Detection Systems

For readers not already familiar with the basic concepts of an Intrusion Detection/Prevention System (IDS/IPS), the following brief overview will help you make the best use of the rest of this chapter. Numerous publications cover Snort how-tos, IDS configuration, and sensor placement, and although some overlap of material is inevitable, this chapter attempts to refrain from reinventing the wheel and regurgitating that same literature. Instead, it offers potentially new insight into common evasion techniques and detection strategies (signature versus anomaly), and digs deeply into signature analysis. The chapter finishes with a side-by-side, apples-to-oranges comparison of Snort and Bro—widely considered the two most commonly used free IDSs, even though they take separate approaches. In frequency of use, however, Snort is hugely ahead—it boasts 3 million public downloads. At the smaller end of the spectrum, Bro has only a handful of site deployments around the world, but it has an extremely knowledgeable following. If you have already run an IDS/IPS, are a network security analyst with a couple of years of experience, or at least know what these sorts of systems are all about, feel free to skip to Chapter 4, “Lifecycle of a Vulnerability.”

Note

Bro has significantly less documentation online and in print; therefore, the Appendix, “Bro Installation Guide,” provides a crash course for installing and deploying it.
