[ Thanks to Jerom for
this link. ]
“In years past, the term intrusion detection had a general
meaning: the methods by which an administrator learned about system
intrusions, or about attempts to intrude, on a given system. As in
most technological areas, intrusion detection has evolved and
specialized. The security industry has grown to include a number of
disciplines and subspecialties, each with its own cadre of
professionals. Why worry about intrusion detection if you have a
good firewall? Just remember: no lock is unpickable. Firewalls have
holes so that services can run (web, mail, and so on). Where
there’s a hole, there’s a way. Furthermore, most security experts
will tell you that security is not a destination, but a journey.
Even if you have outstanding security policies in place, rock-hard
firewalls, and a completely trustworthy user and administrator
base, you still need to watch your system like a hawk to make sure
that everything remains safe.“In this article, we explain the basic concepts of intrusion
detection and response…”