CHAPTER 3 (Network Signatures (Analyze the patterns in two forms (Within…
CHAPTER 3
Network Signatures
Packet content signature
- Provides pattern matching against the packet content.
Packet header analysis
- Effective in detecting suspicious activity without considering packet content.
NIDS tools
NetRanger
- Developed by Cisco Systems, used for network-based detection.
- Consists of two parts, the sensor and the director, which are connected to a "post office" communication system.
Bro
- Monitors the network traffic and identifies the suspicious traffic.
- Filters and analyzes the network traffic that flows through a single network location.
NIDS vs HIDS
NIDS
- Detecting outbound attacks
- Gained from an entire section of the network
HIDS
- Scans local machine registry
- Detecting inbound attacks NIDS
- Obtained from a system (a single host)