CertiGuide to Security+, Chapter 3: Infrastructure Security (Domain 3.0; 20%), Section 3.1.9 IDS (Intrusion Detection System)


Which One Should I Get?

In June 2003 the research group Gartner declared IDS a failure291, largely because of the false-positive problem discussed in the following section, Security Issues with IDS. As the number of network intrusions has increased over the years, more and more IDSs have been developed, both commercial and non-commercial. As with firewalls, commercial IDS packages can be pricey. Examples of commercial intrusion detection systems you might want to research include:

  • RealSecure, by Internet Security Systems 292

  • Dragon, by Enterasys 293

  • NFR, by Network Flight Recorder 294 (also available in a free research version)

The most popular open source network IDS, and possibly the most popular IDS of any kind, is Snort295. SANS intrusion detection expert Stephen Northcutt calls it “the most advanced intrusion detection system money cannot buy.”296 A comprehensive list of public-domain and shareware IDS software can also be found at the COAST Intrusion Detection System Resources site297.

If you don’t require network-wide monitoring for suspicious activity, consider the following host-based options. They are only some of the packages in the growing category of free, often open-source, IDS tools, and each one watches a different thing, so note what it actually detects:

  • Tripwire, by the Tripwire open source team298 (also available in a commercial version): a file-integrity checker that hashes critical files and reports changes against a stored baseline

  • TCP Wrappers, by Wietse Venema299: an access-control and logging wrapper for network services, which records, and can refuse, connections by client address

  • PortSentry, by Psionic Technologies300: detects port scans against the host and can block the scanning address

  • AIDE (Advanced Intrusion Detection Environment)301: a free file-integrity checker similar in design to Tripwire
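To make concrete what the file-integrity tools in this list (Tripwire, AIDE) actually do, here is the core of a host-based integrity checker written as an added example for this page. It is not code from Tripwire, AIDE or the CertiGuide. It records a baseline of hashes and metadata for every regular file under a directory, stores the baseline as JSON, re-scans later and reports what was added, removed or changed. The directory layout and the simulated intrusion in demo() (a fake /etc tree, a new UID-0 account appended to passwd, a deleted hosts file, a dropped-in backdoor.sh, and a permission change on an init script) are constructed for the example.

```python
"""Core of a host-based file-integrity IDS, in the style of Tripwire and AIDE.

Added illustration for this page; not code from Tripwire, AIDE or the
CertiGuide. The directory tree and the "intrusion" in demo() are constructed.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def fingerprint(path: Path) -> dict:
    """Hash the file contents and record the metadata an intruder commonly alters."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    st = path.lstat()
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root: str) -> dict:
    """Fingerprint every regular file under root, keyed by POSIX-style relative path.

    Symlinks are skipped so that a link planted by an intruder cannot point
    the checker at an unchanged file elsewhere on the system.
    """
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root_path).as_posix()] = fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed, or changed (listing the attributes that differ)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        diffs = [k for k, v in baseline[rel].items() if current[rel][k] != v]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(baseline: dict, dest: str) -> None:
    """Write the baseline as JSON.

    Keep this database on read-only or offline media (Tripwire additionally
    signs it): an intruder who can alter the monitored files can otherwise
    alter the baseline to match and the checker will report nothing.
    """
    with open(dest, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(src: str) -> dict:
    with open(src, encoding="utf-8") as fh:
        return json.load(fh)


def demo() -> dict:
    """Constructed scenario: baseline a fake /etc tree, then simulate an intrusion."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as store:
        root = Path(tree)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "init.d").mkdir()
        sshd = root / "init.d" / "sshd"
        sshd.write_text("#!/bin/sh\nexec /usr/sbin/sshd\n")
        sshd.chmod(0o755)
        db = os.path.join(store, "baseline.json")  # stored outside the monitored tree
        save_baseline(build_baseline(tree), db)

        # Simulated intrusion: UID-0 account appended, a file deleted, a listener
        # dropped in, and a permission loosened without touching the content.
        with (root / "passwd").open("a") as fh:
            fh.write("eve:x:0:0::/:/bin/sh\n")
        (root / "hosts").unlink()
        (root / "backdoor.sh").write_text("nc -l -p 31337 -e /bin/sh\n")
        sshd.chmod(0o777)

        return compare(load_baseline(db), build_baseline(tree))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it and the report names backdoor.sh as added, hosts as removed, passwd as changed in both hash and size, and init.d/sshd as changed in mode only. That last case is why real tools record ownership and permissions alongside the hash: a file whose contents are untouched but which has been made world-writable or setuid is exactly the kind of change a content-only check would miss.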

The different IDSs have subtly different capabilities, strengths and weaknesses, so before committing to one, do your research. Make sure that the one you’ve selected does in fact detect the kinds of intrusions you care about, and that it can respond with the types of actions you need. For example, if you need the system to dial a pager, make sure that it can do so, or at least that you can find a pager-dialing program on the net (they’re there…) and that the IDS can run it.

Be cautious in reading reviews. This industry is evolving rapidly, with new cracking techniques constantly being developed and new detection measures created to identify them, so review comments that were true of the last version of a package may or may not still apply to the current version. When in doubt, check with the vendor.


296. Northcutt, Stephen, Donald McLachlan and Judy Novak, Network Intrusion Detection: An Analyst’s Handbook, 2nd ed. New Riders.



CertiGuide for Security+
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.