Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search

Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.4  Intrusion Detection
           9  3.4.1  Network Based

Previous Topic/Section  Active Detection
Previous Page
Pages in Current Topic/Section
Next Page
3.4.2  Host Based
Next Topic/Section  Passive Detection

Most early NIDS focused on passive detection, which involves alerting someone to the detected threat so that they can take action, if desired. IDSs that use only passive detection do not take action against the threat themselves. Passive methods include:

  • Logging the event (most IDSs use a standardized, documented log format such as Syslog, tcpdump, or Snort for ease of mining data from the logs).

  • Emailing or instant messaging an administrator.

  • Paging an on-call administrator.

  • Displaying an on-screen alarm.

  • Sending an alert to a monitoring system.

  • Sending an SNMP trap to flag the event.

  • Interfacing with a local custom application to perform site-specific tasks like entering the data for the suspicious activity into a site trouble reporting system.

Passive NIDS

With Passive Detection, when an attack is detected, the NIDS alerts someone so that appropriate action can be taken. The NIDS does not take any action against the perceived threat itself.

Actions which may be taken by passive detection NIDS include alerting an on-call administrator via paging or email, sending an SNMP trap to flag the event to a management console, logging behavior to a file, displaying an on-screen alarm or sending an alert to another monitoring system.

Previous Topic/Section  Active Detection
Previous Page
Pages in Current Topic/Section
Next Page
3.4.2  Host Based
Next Topic/Section

If you find useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $

Home - Table Of Contents - Contact Us

CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.