Craig,

In addition to what Mark said, an IDS will often work off of a database of attack characteristics. An IDS maintains more state information than would a firewall. Several of the non-commercial IDS systems rival their vendor developed counterparts. I recommend reading, "Network Intrusion Detection, An Analyst's Handbook", by Stephen Northcutt (SANS).

Steve

"Post, Mark K" wrote:
>
> Craig,
>
> It's used with a firewall, not in place of.  A firewall is intended to keep
> the bad guys out in the first place.  An IDS is designed to figure out that
> they got in anyway, and tell you what it was they messed with while they
> were there.  Tripwire for instance keeps track of file sizes, dates (and I
> think a checksum) of important system files.  If one of those attributes
> changes from one daily scan to the next, it tells you there's a problem.
>
> Mark Post
>
> -----Original Message-----
> From: Kittendorf, Craig [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 25, 2002 9:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Intrusion Detection Software
>
> That leads to part 2 of the "newbie" question,
> How is "Intrusion Detection Software" different from a firewall? same as?
> Used instead of? used with but enhances?
>
> Thanks,
> Craig
>
> -----Original Message-----
> From: Gregg C Levine
> To: [EMAIL PROTECTED]
> Sent: 4/25/02 4:37 PM
> Subject: Re: Intrusion Detection Software
>
> Hello from Gregg C Levine
> While we are on the subject, has anyone succeeded in getting the
> ipchains setup to work correctly on their systems? As to your question,
> Craig, I am afraid, that I do not.
> -------------------
> Gregg C Levine [EMAIL PROTECTED]
> ------------------------------------------------------------
> "The Force will be with you...Always." Obi-Wan Kenobi
> "Use the Force, Luke."  Obi-Wan Kenobi
> (This company dedicates this E-Mail to General Obi-Wan Kenobi )
> (This company dedicates this E-Mail to Master Yoda )
>
>
> > -----Original Message-----
> > From: Linux on 390 Port [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Kittendorf, Craig
> > Sent: Thursday, April 25, 2002 4:31 PM
> > To: [EMAIL PROTECTED]
> > Subject: Intrusion Detection Software
> >
> > Anyone have any experience/recommendations with Intrusion Detection
> > Software, e.g. tripwire, snort, etc.
> >
> > Thanks,
> > Craig Kittendorf
> > Systems Programmer

--
Steve Kotzmoyer   [EMAIL PROTECTED]
TCP/IP Monitor Development      Home: (540) 253-5821
Landmark Systems                Work: (703) 464-1695
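
Added example, not part of the original thread: a small Python sketch of the scan-and-compare check Mark describes for Tripwire (size, date and checksum recorded per file, then compared from one scan to the next). It is not Tripwire's own code; the function names and the sample files are constructed for illustration, and SHA-256 is an assumed choice of checksum.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """One 'scan': record size, mtime and SHA-256 for each watched file."""
    snap = {}
    for p in paths:
        try:
            st = os.stat(p)
            with open(p, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            snap[p] = {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}
        except FileNotFoundError:
            snap[p] = None  # file absent at scan time
    return snap

def compare(baseline, current):
    """Return {path: [attributes that differ]} between two scans."""
    findings = {}
    for p, old in baseline.items():
        new = current.get(p)
        if old is None and new is None:
            continue
        if new is None:
            findings[p] = ["missing"]
        elif old is None:
            findings[p] = ["created"]
        else:
            changed = [k for k in ("size", "mtime", "sha256") if old[k] != new[k]]
            if changed:
                findings[p] = changed
    return findings

def demo():
    """Constructed sample: temp files standing in for important system files."""
    with tempfile.TemporaryDirectory() as d:
        files = {n: os.path.join(d, n) for n in ("passwd", "sshd_config", "inetd.conf")}
        for name, path in files.items():
            with open(path, "w") as f:
                f.write(f"{name} original\n")
        baseline = snapshot(files.values())
        # Constructed change: same length, original timestamps put back,
        # so size and date still match and only the checksum differs.
        st = os.stat(files["passwd"])
        with open(files["passwd"], "w") as f:
            f.write("passwd 0riginal\n")
        os.utime(files["passwd"], ns=(st.st_atime_ns, st.st_mtime_ns))
        os.remove(files["inetd.conf"])
        found = compare(baseline, snapshot(files.values()))
        return {os.path.basename(p): v for p, v in found.items()}
```

In practice the baseline has to be stored somewhere the monitored host cannot rewrite it, otherwise a changed file and a changed baseline would agree with each other.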
