Passive Detection
Most early NIDS focused on passive detection, which involves alerting someone to the detected threat so that they can take action, if desired. IDSs that use only passive detection do not take action against the threat themselves. Passive methods include:
- Logging the event (most IDSs use a standardized, documented log format such as Syslog, tcpdump, or Snort for ease of mining data from the logs).
- Emailing or instant messaging an administrator.
- Paging an on-call administrator.
- Displaying an on-screen alarm.
- Sending an alert to a monitoring system.
- Sending an SNMP trap to flag the event.
- Interfacing with a local custom application to perform site-specific tasks, such as entering the data for the suspicious activity into a site trouble-reporting system.
With passive detection, when an attack is detected, the NIDS alerts someone so that appropriate action can be taken. The NIDS does not take any action against the perceived threat itself.
Actions that a passive-detection NIDS may take include alerting an on-call administrator via paging or email, sending an SNMP trap to flag the event to a management console, logging the behavior to a file, displaying an on-screen alarm, or sending an alert to another monitoring system.
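As an added illustration (not part of the CertiGuide text or any real IDS), the sensor below matches a constructed signature against constructed sample traffic and, on a hit, writes a Syslog-style alert line and fans it out to passive sinks (a pager queue and an on-screen console). The hostname, signature and traffic are assumed sample values; the point is that the traffic is returned untouched, so the sensor only reports and never blocks or resets.

```python
from datetime import datetime, timezone

LOG_AUTH = 4          # syslog facility 4: security/authorization messages
SEV_ALERT = 1         # syslog severity 1: alert
SENSOR_HOST = "sensor01"   # constructed sensor hostname

# Constructed sample signature (not a real Snort rule): flag TCP traffic to port 23.
SIGNATURE = {"sid": 1000001, "rev": 1, "msg": "TEST telnet probe",
             "proto": "tcp", "dport": 23}

# Constructed sample traffic; a real sensor would decode packets from a tap or SPAN port.
_T0 = datetime(2004, 11, 15, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_TRAFFIC = [
    {"ts": _T0, "src": "10.0.0.5", "dst": "10.0.0.9", "proto": "tcp", "dport": 80},
    {"ts": _T0, "src": "10.0.0.7", "dst": "10.0.0.9", "proto": "tcp", "dport": 23},
    {"ts": _T0, "src": "10.0.0.5", "dst": "10.0.0.2", "proto": "udp", "dport": 53},
]

def syslog_pri(facility, severity):
    """PRI field as defined by RFC 3164/5424: facility * 8 + severity."""
    return facility * 8 + severity

def format_syslog(pkt, sig, host=SENSOR_HOST):
    """RFC 5424-style line: <PRI>VERSION TIMESTAMP HOST APP-NAME PROCID MSGID MSG."""
    stamp = pkt["ts"].strftime("%Y-%m-%dT%H:%M:%SZ")
    msg = (f"[1:{sig['sid']}:{sig['rev']}] {sig['msg']} {pkt['proto']} "
           f"{pkt['src']} -> {pkt['dst']}:{pkt['dport']}")
    return f"<{syslog_pri(LOG_AUTH, SEV_ALERT)}>1 {stamp} {host} nids - - - {msg}"

def matches(pkt, sig):
    return pkt["proto"] == sig["proto"] and pkt["dport"] == sig["dport"]

def passive_inspect(traffic, sinks):
    """Inspect each packet; on a match, send the alert to every passive sink.
    The traffic is returned unchanged: a passive sensor never drops or resets."""
    alerts = []
    for pkt in traffic:
        if matches(pkt, SIGNATURE):
            line = format_syslog(pkt, SIGNATURE)
            alerts.append(line)
            for sink in sinks:
                sink(line)
    return list(traffic), alerts

def run_sample():
    pager_queue, console = [], []
    # Stand-ins for a pager gateway and an on-screen alarm; an SNMP trap sender would fit the same slot.
    forwarded, alerts = passive_inspect(SAMPLE_TRAFFIC, [pager_queue.append, console.append])
    return forwarded, alerts, pager_queue
```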
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.