FAQ: Intrusion Detection Systems
I was going to post this over in the IDS security forum, but I thought it best suited here in the newbie section, as it offers a good overall (but basic) view of security and is not really (all) to do with IDS.
Link to source: http://www.securitysearch.net/articl...ction_FAQ.html
Some topics covered:
Quote:
What is an "intrusion detection system (IDS)"?
What are hackers and crackers?
What are whitehats and blackhats?
How do intruders attack a system?
* Software bugs.
* System configuration.
* Password cracking.
* Sniffing unsecured traffic.
* Design flaws.
How do intruders get passwords?
What is a typical intrusion scenario?
What are some common "intrusion signatures"?
What are some common exploits?
* CGI scripts.
* Web server attacks.
* Web browser attacks.
* Access.
* IMAP.
* IP spoofing.
* Buffer Overflows.
* DNS attacks.
What are some common reconnaissance scans?
* Ping sweeps.
* TCP scans.
* UDP scans.
* OS identification.
* Account scans.
What are some common DoS (Denial of Service) attacks?
* Ping-of-Death.
* SYN Flood.
* Land/Latierra.
* WinNuke.
Where can I find some Statistics on intrusions?
How are intrusions detected?
What are the main things to do to secure a Win NT/2000/XP system?
How do I collect enough evidence about the hacker?
What is Snort?
What intrusion detection systems are available?
Why do I need IDS if I already have a firewall?
What are the limitations of a network based IDS?
What is a honeypot?
1. What are the advantages of a honeypot?
2. What are the disadvantages of a honeypot?
What honeypot products are available?
What are deception countermeasures?
What are the legal implications of honeypots?
Do honeypots constitute entrapment?
Am I aiding and abetting a crime?
Am I liable for attacks launched from the compromised honeypot?