|
In this chapter, you learned about the basics of network IDSs, particularly signatures and how they cause false positives and negatives. We took a close look at where IDS sensors and software can be located in various network environments and discussed the advantages and disadvantages of various deployment architectures. The goal of this chapter was not to teach you everything you will ever need to know about intrusion detection. Several good books focus on that topic, such as Network Intrusion Detection: An Analyst's Handbook, by Stephen Northcutt and Judy Novak, and Intrusion Signatures and Analysis, by Stephen Northcutt, Mark Cooper, Matt Fearnow, and Karen Frederick. Instead, we examined the role that IDS plays in a layered defense and how it has become a critical component of a good security solution. |
|