Chapter 12. Intrusion Detection

Intrusion detection is an aspect of system management that lies, like many others, somewhere between a science and an art form. The main focus in this chapter is on enumerating a number of tools that generate information. This information is about the past and present state of your corporate IT infrastructure. Interpreting the information and understanding what it says are the most difficult parts of the process. In this chapter, we rehash the ideas expressed in other sections of this book in terms of system hardening. Because servers are created to offer their services, they are exposed to various levels of risk. The task of the various intrusion detection tools is to monitor and, one hopes, maintain the integrity of these hosts. The topic of intrusion detection is broken down into the following components:
By the end of this chapter, you should have a good grasp of the different aspects of monitoring for intrusions. In most cases, the best teacher is experience. This is true for both your ability to use the tools and the mindset you have as you work with them.