How Does an IDS Work?
The exact details of how an IDS detects potential break-ins vary depending on the IDS in use. IDSs can employ a variety of techniques to determine what constitutes an intrusion. These will be discussed in more detail in section 3.4, when we get into the specifics of network- and host-based IDSs.
IDSs do more than just DETECT intrusions; they react to them as well. To go back to our burglar alarm analogy, an alarm would be of limited use if all it did was increment a counter each time a window is broken, without taking any other action to inform responsible parties or discourage the intruder. When an IDS detects a suspected intrusion, it can page an administrator, display an alert on the console, log the suspicious incident, or even take steps to reconfigure the network to reduce the effect of the intrusion. We'll discuss more about this in section 3.4.
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.