Network Intrusion Detection System
From Computing and Software Wiki
Revision as of 23:37, 23 March 2008
The typical function of a Network Intrusion Detection System (NIDS) is based on a set of signatures (or rules), each describing one known intrusion threat. A NIDS examines network traffic and determines whether it matches any signature indicating an intrusion attempt. To detect such activity, a NIDS often needs to inspect the payload of incoming packets.
A NIDS has 3 main concerns:
- Capture: data link layer packet capture library
- Detection: pattern/signature
- Alert:
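
The payload inspection described above, as an added example that is not part of the original wiki page. It goes beyond the text by using the Aho-Corasick algorithm so that every signature is checked in a single pass over each payload; the signature ids, ports, contents and packets are constructed for illustration.

```python
from collections import deque
# Constructed signatures, not real rule ids: (id, dst port or None for any, content)
SIGNATURES = [
    (1001, 80, b"/etc/passwd"),
    (1002, 21, b"USER root"),
    (1003, None, b"passwd"),
]
PACKETS = [  # constructed samples: (dst port, payload)
    (80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    (80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    (21, b"USER root\r\n"),
    (8080, b"GET /etc/passwd HTTP/1.0\r\n\r\n"),
]

def build_automaton(signatures):
    """Aho-Corasick trie with failure links: one pass finds every content."""
    goto, fail, out = [{}], [0], [[]]
    for sig in signatures:
        state = 0
        for byte in sig[2]:
            if byte not in goto[state]:
                goto[state][byte] = len(goto)
                goto.append({}); fail.append(0); out.append([])
            state = goto[state][byte]
        out[state].append(sig)
    queue = deque(goto[0].values())
    while queue:  # breadth-first, so shallower failure targets are final
        state = queue.popleft()
        for byte, nxt in goto[state].items():
            queue.append(nxt)
            f = fail[state]
            while f and byte not in goto[f]:
                f = fail[f]
            fail[nxt] = goto[f].get(byte, 0)
            out[nxt] = out[nxt] + out[fail[nxt]]  # inherit suffix matches
    return goto, fail, out

def inspect(automaton, dst_port, payload):
    """Return sorted ids of signatures matching this packet's port and payload."""
    goto, fail, out = automaton
    state, hits = 0, set()
    for byte in payload:
        while state and byte not in goto[state]:
            state = fail[state]
        state = goto[state].get(byte, 0)
        hits.update(sid for sid, port, _ in out[state] if port in (None, dst_port))
    return sorted(hits)
if __name__ == "__main__":
    auto = build_automaton(SIGNATURES)
    print([inspect(auto, port, data) for port, data in PACKETS])
```

The fourth packet carries the content of signature 1001 but goes to a different port, so only the port-independent signature 1003 fires.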