Anyone know what IDSs really do?
I'd be really grateful for any information about how they work and why they are important (if they are). Any advice for good Windows IDSs would be cool too!
Thanks in advance
Katez
This link should tell you all you need to know
http://www.robertgraham.com/pubs/net...detection.html
Thanks dude
There's a tutorial by qod about intrusion detection systems -
http://www.antionline.com/showthread...hreadid=252880
An IDS system pretty much looks at all the packets going into your computer. If the IDS thinks that there's something suspicious about a packet, it makes a log and gives you an alert. You give this log to your ISP (or their ISP) and let them decide.
People use this with a firewall because if someone manages to get into your computer, they can delete your firewall logs and whatever evidence there is on your computer. The IDS's existence is usually hard to notice, so the logs can't be found. Some IDSs email you the log.
Not a problem, hope it answers all the questions you may have about it.
OMG that was a great link, I don't mind doing research but it can be a relief to find more than one answer on the same page. Thanks a lot
Boogyman
Nice link. I had been thinking about running an IDS because I recently set up a wireless network in my house. I think I will have to move it up on my list of things to do.
Can you recommend any good IDS programs that you have experience with?
Although not an expert at IDS.. let me share some info I know about IDS....
IDS works like a closed circuit camera.. It is capable of monitoring the traffic that passes through its lens..... IDS aim to detect computer attacks, computer misuse and to alert the proper individuals upon detection through mails, alerts, sms etc.
Quote:
What does IDS do?
The placement of IDS is very critical ...... Some people prefer installing it after the firewall.... personally I believe in this.. while others advocate installing of IDS before the firewall......
Network Based IDS ...... Monitors the data that passes over the network.. basically it monitors all the traffic entering the network or generating from the network (assumption is that IDS is properly placed to monitor the above activities)...
Host based IDS similarly monitors activities on a specific host.....
A problem with any type of IDS implementation is False Positives......... where legitimate network traffic is marked as intrusions...
Two commonly used techniques to detect intrusions are Signature based and anomaly based ....
While signature would compare the packet with current intrusion signatures.. anomaly aims at identifying normal usage patterns... anything which deviates from normal usage pattern is termed as intrusion....
It has been discussed many times on this board but for convenience of users...... some of the IDS for home users are
snort
blackice
Commercial IDS
Real Secure
NFR etc...
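
The signature-based and anomaly-based techniques described in the post above, and the false-positive problem it mentions, as an added example that is not part of the original thread. The signatures, addresses, baseline and traffic are constructed for illustration and are not taken from Snort or any other product.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signatures (hypothetical names and patterns, not a real rule set).
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "sql-union": re.compile(rb"union\s+select", re.I),
}

def signature_alerts(packets):
    """Signature-based: compare each payload with known intrusion patterns."""
    alerts = []
    for src, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((src, name))
    return alerts

def anomaly_alerts(baseline_counts, packets, k=3.0):
    """Anomaly-based: flag sources whose packet count deviates from normal usage.

    'Normal' is modelled as mean + k * stdev of per-source packet counts
    observed during a baseline window (a deliberately simple assumption).
    """
    threshold = mean(baseline_counts) + k * pstdev(baseline_counts)
    counts = Counter(src for src, _ in packets)
    return sorted(src for src, n in counts.items() if n > threshold)

# Constructed baseline: packets per source per window during normal usage.
BASELINE = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed traffic for one window: (source address, payload).
TRAFFIC = (
    [("192.0.2.5", b"GET /index.html")] * 5              # ordinary browsing
    + [("192.0.2.9", b"GET /../../etc/passwd")]          # matches a signature
    + [("192.0.2.7", b"GET /backup/chunk")] * 40         # legitimate backup job
)

if __name__ == "__main__":
    # The single traversal request is caught only by the signature engine.
    print("signature:", signature_alerts(TRAFFIC))
    # The backup job is legitimate but deviates from the baseline, so the
    # anomaly engine reports it: a false positive.
    print("anomaly:  ", anomaly_alerts(BASELINE, TRAFFIC))
```
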