Intrusion Detection Systems (IDS) are software programs that analyze network traffic for known attack signatures. An IDS can be either passive or reactive. A passive system detects and reports intrusions, while a reactive system detects intrusions and at the same time terminates the connection to the offending host. An IDS is further classified by where it runs, as either host-based or network-based. A host-based IDS analyzes only the traffic on a single host; this type of setup is typically installed on a web server or other Internet-facing host. A network-based IDS detects network anomalies on certain network nodes. It is common to place a network-based IDS in the same location as a Demilitarized Zone (DMZ) and/or in the same segment as the enterprise's firewall.
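The passive and reactive behaviours described above, run over the same traffic, as an added example that is not part of the original page. The two signatures, the `IDS` class and the sample requests are constructed for illustration, and adding a host to a block set stands in for terminating its connection.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration; real rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"union\s+select", re.IGNORECASE),
}

@dataclass
class IDS:
    reactive: bool = False                      # False = passive: detect and report only
    alerts: list = field(default_factory=list)  # (source, signature name) per detection
    blocked: set = field(default_factory=set)   # hosts whose connections were terminated

    def inspect(self, src: str, payload: str) -> str:
        """Return 'dropped', 'alert' or 'pass' for one observed request."""
        if src in self.blocked:
            return "dropped"                    # reactive mode already cut this host off
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                self.alerts.append((src, name))
                if self.reactive:
                    self.blocked.add(src)       # stand-in for terminating the connection
                return "alert"
        return "pass"

# Constructed sample traffic (source address, request line), documentation address ranges.
TRAFFIC = [
    ("198.51.100.7", "GET /index.html"),
    ("192.0.2.44", "GET /download?file=../../etc/passwd"),
    ("192.0.2.44", "GET /index.html"),
    ("192.0.2.44", "GET /items?id=1 UNION SELECT name FROM users"),
]

def run(reactive: bool):
    """Feed the sample traffic through one IDS and return what it did."""
    ids = IDS(reactive=reactive)
    verdicts = [ids.inspect(src, payload) for src, payload in TRAFFIC]
    return verdicts, ids.alerts, ids.blocked

if __name__ == "__main__":
    for mode in (False, True):
        print("reactive" if mode else "passive", run(mode))
```

In passive mode the offending host keeps its access and every matching request raises its own alert; in reactive mode the first match cuts the host off, so its later requests, including a harmless one, are dropped without further inspection.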