1.Any Intrusion Detection Systems(IDS) that are available in the market now.If possible say some of the disadvantages of them.
2.where do IDS works- in local host network or outside ?
3.Any IEEE volumes that abstracts IDS and/or its problems/advantages?
2006-07-31 22:51:24 · 2 answers · asked by sathish 1 in Computers & Internet ➔ Security
Hi, please do your own research for the project you are working on. Nobody will help you if you post your questions like this and are too lazy to find out your own answers for your school project.
2006-07-31 22:57:50 · answer #1 · answered by comage83 2 · 0⤊ 0⤋
The industry standard is Snort.
snort.org
For newest rules that Snort is a bit slow to incorporate, see
bleeding snort.com
This presumes you have a basic understanding of unix/linux, and can setup your own box. IDS works at your border appliance, or if your network is large enough, strategically placed around the network.
However, you would probably be much better off with an IPS, (Intrusion Prevention System), with IDS alerting.
ISS.net Proventia line does a fantastic job at both.
With IDS, depending on the traffic volume you see, the rules that utilize PCRE can run a little slow, so some packets may get through undetected. But you would need a network which pumps a lot of traffic.
2006-08-01 08:41:18 · answer #2 · answered by Gonzo 4 · 0⤊ 0⤋