This is a website on network intrusion detection. A network intrusion detection system (NIDS) tries to detect malicious activity such as denial-of-service attacks, port scans, or even attempts to break into computers by monitoring network traffic. The NIDS does this by reading all incoming packets and trying to find suspicious patterns. If, for example, a large number of TCP connection requests to a very large number of different ports is observed, one could assume that someone is running a "portscan" against one or more computers in the network. It also (mostly) tries to detect incoming shellcodes...
Host-based intrusion detection
Host-based intrusion detection is the art of detecting malicious activity within a single computer. A host-based intrusion detection system (HIDS) uses host log information, system activity, and scanners such as virus scanners to determine whether a computer host is being used for illegitimate purposes. A HIDS may be local to the protected host, remote (via syslogd, etc.), or part of a distributed intrusion detection system. A common technique is to compute checksums of important system files that should not be altered under normal circumstances. Intruders are likely to replace system components with so-called rootkits that enable them to remain hidden in...
Intrusion prevention
An intrusion prevention system (a computer security term) is any device which exercises access control to protect computers from exploitation. "Intrusion prevention" technology is considered by some to be an extension of intrusion detection (IDS) technology, but it is actually another form of access control, like an application-layer firewall. Intrusion prevention systems were invented independently by Jed Haile and Vern Paxson to resolve ambiguities in passive network monitoring by placing detection systems in-line. A considerable improvement upon firewall technologies, an IPS makes access control decisions based on application content, rather than on IP addresses or ports as traditional firewalls had done....
Firewalls
In computing, a firewall is a piece of hardware and/or software which functions in a networked environment to prevent communications forbidden by the security policy, analogous to the function of firewalls in building construction. A firewall is also called a Border Protection Device (BPD), especially in NATO contexts, or a packet filter in BSD contexts. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The ultimate goal is to provide controlled connectivity between zones...
Sniffers
Packet sniffers (also known as network analyzers or Ethernet sniffers) are software programs (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams back and forth over the network, the sniffer captures each packet and decodes and analyzes its content according to the appropriate RFC or other specification. Depending on the network structure (hub or switch), one can sniff all or just part of the traffic from a single machine within the network; however, there are some methods to avoid traffic narrowing by switches to gain...
Intrusion Detection
In information security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity, or availability of a resource. Intrusion detection does not in general include prevention of intrusions. Intrusion detection can be performed manually or automatically. Manual intrusion detection might take place by examining log files or other evidence for signs of intrusions. A system that performs automated intrusion detection is called an intrusion detection system (IDS). An IDS can be either host-based, if it monitors system calls or logs, or network-based, if it monitors the flow of network packets. Modern IDSs are usually a...