Professional Documents
Culture Documents
Goals of IDS
Goals of IDS
Present analysis in simple, easy-to-understand format User interface critical, especially when monitoring many systems
Be accurate
Minimize time spent verifying attacks, looking for them
IDS vs Firewalls
Firewalls provides protection from security breaches that come from outside the system
IDS also watches for the attacks that originates within the system
Firewalls does not provide application level security While IDS can scan application level weaknesses
Types of IDS
Host Based
Collects and analyze data that originate from a host. Eg. web server Network Based
Organization of an IDS
AAFID system
Autonomous agent is process that can act independently of the system of which
it is part of
Autonomous agent performs one particular monitoring function Has its own internal model Communicates with other agents Agents jointly decide if these constitute a reportable intrusion
AAFID
Host has set of agents and transceiver
Transceiver controls agent execution, collect information, forwards it to monitor (on local or remote system)