Intrusion Detection Systems
Introduction to Intrusion Detection Systems (IDS)
In a similar manner to NIDS, these systems look for patterns in the log files that suggest an intruder is attacking. A typical example would be a parser for HTTP server log files that looks for intruders who try well-known security holes.
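The kind of HTTP log parser described above, as an added example that is not code from the original article. It assumes Common Log Format, uses a small set of illustrative signatures chosen for this sketch, and runs over constructed log lines.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: the server writes Common Log Format lines.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Illustrative signatures picked for this example (not taken from the article).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./|\.\.\\"),
    "passwd-read": re.compile(r"/etc/passwd", re.I),
    "legacy-cgi-probe": re.compile(r"/cgi-bin/(phf|test-cgi)\b", re.I),
}

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "GET /cgi-bin/phf HTTP/1.0" 404 209',
    '198.51.100.7 - - [10/Oct/2000:13:56:02 -0700] "GET /static/..%252f..%252fconfig.ini HTTP/1.0" 404 209',
    '203.0.113.5 - - [10/Oct/2000:13:57:10 -0700] "GET /docs/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 400 226',
    'garbage line',
]

def normalise(path, rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms still match."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def scan(lines):
    """Return (alerts, unparsed); alerts maps host -> [(signature, raw path, status)]."""
    alerts, unparsed = defaultdict(list), []
    for line in lines:
        m = CLF.match(line)
        if not m:
            unparsed.append(line)  # malformed lines are kept for manual review
            continue
        decoded = normalise(m["path"])
        for name, rx in SIGNATURES.items():
            if rx.search(decoded):
                alerts[m["host"]].append((name, m["path"], int(m["status"])))
    return dict(alerts), unparsed
```

`scan(SAMPLE_LOG)` returns the alerts grouped by source host together with the lines that did not parse. The status code is kept with each alert because a flagged request that was answered with a success status deserves attention before one that was rejected.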
A third type of Intrusion Detection System includes deception systems, also known as decoys, lures, fly-traps and honeypots. These contain pseudo-services whose goal is to emulate well-known holes in order to trap hackers.
Honeypots are closely monitored network decoys serving several purposes: they can divert attackers from more valuable resources on a network, and can provide an early warning about new attacks and exploitations. They also allow for an in-depth examination of attacker behaviour during and after their exploration of the honeypot.
Honeypots are a flexible multi-use security tool and have many security applications; their purpose is not to fix problems. Instead, they are used for such measures as prevention, detection, or information gathering. A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
An example of a honeypot is a system used to simulate one or more network services. An attacker assumes there are vulnerable services running that can be used to break into the machine. This kind of honeypot can be used to log access attempts to those ports, including the attacker's keystrokes and general behaviour within the system. This could give advance warning of a more concerted attack and better insight into how attackers probe systems.