Firewall
-active filtering
-fail-close
Network IDS
-passive monitoring
-fail-open
NIDS Sensor Deployment
SNORT
-open source
-Highly configurable
-Lightweight IDS
Characteristics:
 – Easily deployed on most nodes
 – Efficient operation
 – Easily configured by system administrators
Performs real-time packet capture
Detects a variety of attacks and probes
Packet -> Decoder -> Detection Engine -> Alert
Configured as passive
 – Monitors traffic
 – Is not in the main transmission path
 – Is not an inline sensor
Configured as Intrusion Detection
