week 8

This week’s topic is network intrusion detection and analysis. There are 4 types of system that can help with detection and prevention:
– NIDS (network-based intrusion detection system): these detect suspicious activity by analyzing the traffic flowing through the network, and help to stop it;
– NIPS (network-based intrusion prevention system): these prevent an attack once the system has recognized it. If there is an attack, the system isolates the server under attack;
– HIDS (host-based intrusion detection system)
– HIPS (host-based intrusion prevention system)

HIDS and NIDS are both based on rules (signatures) that people have researched, e.g. the pattern of a known attack; when research uncovers a new pattern, the researcher adds it to the rule set. The systems are built to capture every suspicious packet on the network.
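To make the rule-based idea concrete, here is an added example of a tiny signature-matching engine. It is not code from Snort, Bro, Suricata or any other tool named on this page; the rule syntax is a simplified, Snort-inspired format of my own (an assumption), and the packets and rules are constructed sample data rather than live capture. The point it shows is the one the paragraph makes: the engine stays the same, and detection coverage grows by adding a rule for a newly researched pattern.

```python
"""Minimal signature-based NIDS (added example, not from any tool on the page).

Rule format (assumed, Snort-inspired, simplified):
  alert <tcp|udp> any -> any <port|any> (msg:"..."; content:"..."; sid:N;)
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Rule:
    sid: int                 # signature id
    proto: str               # "tcp" or "udp"
    dst_port: Optional[int]  # None means any destination port
    content: bytes           # byte pattern that must appear in the payload
    msg: str                 # human-readable alert message


RULE_RE = re.compile(
    r'^alert\s+(?P<proto>tcp|udp)\s+any\s+->\s+any\s+(?P<port>\d+|any)\s+'
    r'\(msg:"(?P<msg>[^"]*)";\s*content:"(?P<content>[^"]*)";\s*sid:(?P<sid>\d+);\)$'
)


def parse_rule(line: str) -> Rule:
    """Parse one rule line; raise ValueError on malformed input."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed rule: {line!r}")
    port = None if m["port"] == "any" else int(m["port"])
    return Rule(sid=int(m["sid"]), proto=m["proto"], dst_port=port,
                content=m["content"].encode(), msg=m["msg"])


def load_rules(text: str) -> List[Rule]:
    """Load a rule set, skipping blank lines and '#' comment lines."""
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dst_port: int
    payload: bytes


def match(rule: Rule, pkt: Packet) -> bool:
    """A rule hits when protocol, destination port and payload content all agree."""
    return (rule.proto == pkt.proto
            and (rule.dst_port is None or rule.dst_port == pkt.dst_port)
            and rule.content in pkt.payload)


def inspect(rules: Iterable[Rule], packets: Iterable[Packet]) -> List[str]:
    """Return one alert line per (rule, packet) hit."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if match(rule, pkt):
                alerts.append(f"[{rule.sid}] {rule.msg} {pkt.src} -> {pkt.dst}:{pkt.dst_port}")
    return alerts


# Constructed rule set and traffic (sample data, not captured from a real network).
RULES_V1 = """
# Example signatures; sids are arbitrary
alert tcp any -> any 80 (msg:"Web path traversal attempt"; content:"../../"; sid:1000001;)
alert tcp any -> any any (msg:"Cleartext password keyword"; content:"password="; sid:1000002;)
"""
SAMPLE_TRAFFIC = [
    Packet("tcp", "10.0.0.5", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.6", "10.0.0.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.7", "10.0.0.11", 8080, b"POST /login user=bob&password=hunter2"),
    Packet("udp", "10.0.0.8", "10.0.0.53", 53, b"\x12\x34\x01\x00 example.com"),
]


def run_v1() -> List[str]:
    """Inspect the sample traffic with the original rule set."""
    return inspect(load_rules(RULES_V1), SAMPLE_TRAFFIC)


# A newly researched pattern is added to the rule set; the engine is unchanged.
NEW_RULE = 'alert udp any -> any 53 (msg:"DNS query for watched domain"; content:"example.com"; sid:1000003;)'


def run_v2() -> List[str]:
    """Inspect the same traffic after the new rule has been added."""
    return inspect(load_rules(RULES_V1 + NEW_RULE + "\n"), SAMPLE_TRAFFIC)


if __name__ == "__main__":
    for alert in run_v2():
        print(alert)
```

Running it prints three alerts: the two web hits from the original rules and the DNS hit that only exists once the third rule is loaded. The same limitation the paragraph implies is visible here too: traffic that matches no rule (the plain `GET /index.html`) produces nothing, so a signature-based system only sees what someone has already written a rule for.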

There are 2 types of IDS, commercial and open source:
Commercial:
– Check Point IPS Software Blade
– Next Generation Intrusion Prevention System (NGIPS)
– Extreme NIPS
– TippingPoint IPS
Open source:
– Snort
– Bro
– Suricata
– Sagan
HIDS:
– OSSEC
– Fail2ban
– AIDE
– Samhain
