Intrusion Detection Systems (IDS) monitors packets on the network wire and attempts to discover if a hacker/hacker is attempting to break into a system
System Integrity Verifiers (SIV) monitor system files to find when an intruder changes. Tripwire is one of the popular SIVs.
Intrusion Detection happens either by Anomaly detection or Signature recognition.
An IDS consists of a special TCP/IP stack that reassembles IP datagram's and TCP streams.
A simple Protocol verification system can flag invalid packets. This can include valid, by suspicious, behavior such as severally fragmented IP packets
In order to effectively detect intrusions that use invalid protocol behavior, IDS must reimplement a wide variety of application-layer protocols to detect suspicious or invalid behavior.
One of the easiest and most common ways for an attacker to slip by a firewall is by installing network software on an internal system that uses a port address permitted by the firewall's configuration.
Honey pots are programs that simulate one or more network services that you designate on your computer's ports.