(CHAPTER 3) 3.6 IDS framework, Signatures and tools
IDS Tool
Software
- Snort - Snort is a NIDS based on libpcap that performs packet sniffing and works as a logger.
- BlackICE - Consists of an intrusion detection system that warns of attacks and resists threats against the system.
- SecureHost - Avoids attacks by immediately halting the suspected applications.
IDS framework
The layers of the proposed framework (layered model) for the IDS are numbered, starting from the Collection layer (layer 1). Each layer represents a group of specific tasks performed by agents specialized in that layer's functions.
IDS Signatures
A signature is a rule that examines a packet or series of packets for certain contents, such as matches on packet header or data payload information.
Signatures are the heart of the Cisco network-based IDS solution. This section focuses on signatures and their implementation.
It is important to point out that it is not necessarily the number of signatures that makes a signature-based IDS solution good.
Instead, it is the flexibility of the signatures in detecting an attack.
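To illustrate why flexibility matters more than signature count, the following added example (not part of the original notes, and not Snort or Cisco rule syntax) models a signature as header checks plus a payload match and runs a rigid and a flexible rule over the same traffic. The `Packet` and `Signature` classes, their field names and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                       # simplified, constructed packet model
    proto: str
    dst_port: int
    payload: bytes

@dataclass
class Signature:                    # hypothetical rule structure
    name: str
    proto: str
    dst_port: Optional[int]         # None = any destination port
    content: bytes                  # bytes to look for in the payload
    nocase: bool = False            # compare case-insensitively
    offset: Optional[int] = None    # None = anywhere; else only at this offset

    def matches(self, pkt: Packet) -> bool:
        # Header checks come first: they are cheap and scope the payload search.
        if pkt.proto != self.proto:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        data, needle = pkt.payload, self.content
        if self.nocase:
            data, needle = data.lower(), needle.lower()
        if self.offset is not None:
            return data[self.offset:self.offset + len(needle)] == needle
        return needle in data

RIGID = Signature("rigid", "tcp", 80, b"/scripts/cmd.exe", offset=4)
FLEXIBLE = Signature("flexible", "tcp", None, b"cmd.exe", nocase=True)

PACKETS = [                         # constructed sample traffic
    Packet("tcp", 80, b"GET /scripts/cmd.exe HTTP/1.0\r\n"),
    Packet("tcp", 80, b"GET /Scripts/CMD.EXE HTTP/1.0\r\n"),
    Packet("tcp", 8080, b"HEAD /scripts/cmd.exe HTTP/1.0\r\n"),
    Packet("tcp", 80, b"GET /index.html HTTP/1.0\r\n"),
    Packet("udp", 53, b"\x12\x34cmd.exe"),
]

def alerts(sig: Signature, packets: list) -> list:
    """Return the indexes of the packets that the signature fires on."""
    return [i for i, p in enumerate(packets) if sig.matches(p)]

if __name__ == "__main__":
    print("rigid   :", alerts(RIGID, PACKETS))
    print("flexible:", alerts(FLEXIBLE, PACKETS))
```

Covering the three variants with rigid rules would take one signature per spelling, port and offset, while the single flexible rule fires on all three and still ignores the benign request and the UDP packet.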