Linux Today: Linux News On Internet Time.

Intrusion Detection Response

Apr 24, 2002, 20:30 (0 Talkback[s])
(Other stories by Anton Chuvakin)

[ Thanks to LinuxSecurity Contributors for this link. ]

"Intrusion detection systems (IDS) seem to be one of the fastest growing technologies within the security space. Together with firewalls and vulnerability scanners, intrusion detection forms one of the cornerstones of modern computer security. In the commonly mentioned prevention-detection-response philosophy, IDSs take an honorable place for [sometimes] effective detection of threats let through by prevention technologies such as firewalls.

"However, there are attempts to position IDS products as the technology that can stop or prevent network attacks. It is easy to forget that 'D' stands for detection and not for deterrent or deflection. This article will investigate those attempts in the Linux world.

"On the technical level, most network IDS are set to send alerts upon seeing a known pattern (signature-based IDS) or some traffic anomaly (anomaly-based IDS) indicating an attack. While some programs can look only at packet level data (such as attack string present in one packet), many others are TCP connection-aware, are able to look at TCP streams and also can reassemble fragmented IP packets..."
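The paragraph above draws a line between an IDS that inspects each packet on its own and one that is TCP-aware and reassembles the stream first. The following toy detector, an added example that is not part of the article or of any IDS product, shows why that matters for a signature-based system: the same signature is missed when the attack string straddles two TCP segments and found once the segments are put back in sequence order. The segments, sequence numbers and the signature string are constructed sample data.

```python
"""Added example: per-packet versus stream-reassembled signature matching.

A signature-based network IDS that looks only inside individual TCP segment
payloads misses a pattern split across a segment boundary. Reassembling the
TCP stream (ordering by sequence number, tolerating out-of-order delivery and
retransmissions) restores the visibility. All data below is constructed.
"""

# Constructed sample signature; stands in for a real rule's content string.
SIGNATURE = b"../../etc/passwd"


def detect_per_packet(segments, signature=SIGNATURE):
    """Naive detector: search each segment payload in isolation.

    Returns the sequence numbers of segments whose payload contains the
    signature on its own."""
    return [seg["seq"] for seg in segments if signature in seg["payload"]]


def reassemble_tcp(segments, isn):
    """Rebuild one direction of a TCP byte stream from its segments.

    Each payload byte is placed at its absolute sequence number, so segments
    may arrive in any order. A retransmitted or overlapping segment does not
    overwrite bytes already seen (first copy wins, as most reassemblers do).
    The rebuilt stream stops at the first hole (a segment that never arrived),
    so a missing segment blinds the stream detector as well."""
    buf = {}
    for seg in segments:
        for offset, byte in enumerate(seg["payload"]):
            buf.setdefault(seg["seq"] + offset, byte)
    out = bytearray()
    pos = isn
    while pos in buf:
        out.append(buf[pos])
        pos += 1
    return bytes(out)


def detect_on_stream(segments, isn, signature=SIGNATURE):
    """Stream-aware detector: reassemble first, then search the whole stream."""
    return signature in reassemble_tcp(segments, isn)


# Constructed sample connection: the request is split so the signature
# straddles two segments; segments arrive out of order and one is repeated.
ISN = 1000
SEGMENTS = [
    {"seq": 1000, "payload": b"GET /../.."},            # bytes 1000-1009
    {"seq": 1019, "payload": b"wd HTTP/1.0\r\n\r\n"},   # bytes 1019-...
    {"seq": 1010, "payload": b"/etc/pass"},              # bytes 1010-1018
    {"seq": 1000, "payload": b"GET /../.."},            # retransmission
]

if __name__ == "__main__":
    print("per-packet hits :", detect_per_packet(SEGMENTS))   # []
    print("reassembled     :", reassemble_tcp(SEGMENTS, ISN))
    print("stream hit      :", detect_on_stream(SEGMENTS, ISN))  # True
```

The design choice worth noting is the `setdefault` in `reassemble_tcp`: it decides which copy of an overlapping byte the detector trusts, and real reassemblers must make the same choice as the end host would, since an attacker who knows the two differ can hide data in the discarded copy. The truncation at the first hole is the other practical caveat: stream reassembly only helps when every segment of the connection is actually seen by the sensor.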
