Chapter 3. Intrusion Detection Overview

Terms you'll need to understand:

  • Network intrusion

  • Attack signature

  • False positives, false negatives

  • True positives, true negatives

  • Host-based intrusion protection system (HIPS)

  • Network-based intrusion detection system (NIDS)

  • Profile-based intrusion detection (anomaly detection)

  • Signature-based intrusion detection (misuse detection)

  • Managed device

Techniques you'll need to master:

  • Understanding IDS triggers

  • Recognizing intrusion detection evasive techniques

  • Describing the Cisco Secure Intrusion Detection System (CSIDS) environment

  • Understanding CSIDS communications

We saw in Chapter 2, "Introduction to Network Security," how the need for network security is growing and evolving with the increasingly open and interconnected nature of today's networks. In this chapter, we explore how IDS components work together to proactively secure the network environment against a backdrop of both amateur and sophisticated attacks.

This chapter provides an overview of intrusion detection concepts and the various methods employed to detect, monitor, and respond to network intrusions. This chapter will familiarize you with different IDS triggers, attack identification methods, and monitoring locations, as well as provide you with an overview of intrusion detection evasive techniques. It then describes the components of the Cisco IDS protection environment and how these parts work together to enforce a layered approach to network security.

CSIDS Exam Cram 2 (Exam 642-531)
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 213