6. IDS

6.1 Types of IDS

IDS can be divided into the following types:

6.1.1 Network-based IDS

An IDS installed so that it intercepts network traffic at the entry or exit point of a network segment. The IDS device can therefore see all data and analyze traffic behavior at the network layer and the application layer.

6.1.2 Host-based IDS

This type of IDS is software installed on important servers to detect unusual behaviour or events that occur on that server only, such as repeated failed logins, access to the system outside regular working hours, or the sending of large files to other computers or networks. Typically, the events a host-based IDS can monitor include network traffic (of this server only), system logs, running processes, application activity, access and changes to files, and changes to the system configuration.

6.1.3 Network Behavior Analysis IDS

Used to detect unusual network traffic flows, such as Denial of Service (DoS) attacks, malware, and violations of information security measures such as traffic between servers that is not allowed. It is typically installed to watch traffic flows in the internal network of an organization or between the organization and the outside.

6.1.4 Wireless IDS

Monitors wireless network traffic and analyzes it at the wireless network protocol layer to detect events such as unauthorized access, rogue access points, and WEP key search attack attempts. It is not designed to detect unusual activity at higher layers, such as the transport layer or the application layer.

6.2 Analysis and intrusion detection

6.2.1 Use of IDS

An IDS is used to search for any event that may be an intrusion by people with malicious intent.
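
The following added example (not part of the original text) illustrates two of the host-based IDS events named in section 6.1.2: repeated failed logins and access outside regular working hours. The log format, the threshold and the working hours are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in an sshd-like format (not from a real system).
SAMPLE_LOG = """\
2024-03-04 10:15:02 sshd: Failed password for alice from 10.0.0.5
2024-03-04 10:15:09 sshd: Failed password for alice from 10.0.0.5
2024-03-04 10:15:15 sshd: Failed password for alice from 10.0.0.5
2024-03-04 10:16:40 sshd: Accepted password for bob from 10.0.0.7
2024-03-05 02:41:13 sshd: Accepted password for carol from 10.0.0.9
2024-03-05 09:02:55 sshd: Failed password for bob from 10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

# Assumed policy values; tune them per site.
MAX_FAILURES = 3               # failures per (user, source) before alerting
WORK_START, WORK_END = 8, 18   # regular working hours, 08:00 to 17:59


def analyze(log_text):
    """Return a list of (rule, user, source, detail) alerts."""
    alerts = []
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines the parser does not understand
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["user"], m["src"])
        if m["result"] == "Failed":
            failures[key] += 1
            if failures[key] == MAX_FAILURES:  # alert once, at the threshold
                alerts.append(("repeated_failed_login", *key, f"{MAX_FAILURES} failures"))
        else:
            failures[key] = 0  # a successful login resets the counter
            if not WORK_START <= ts.hour < WORK_END:
                alerts.append(("off_hours_login", *key, m["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The failure counter here runs over the whole log; a deployed sensor would normally count within a sliding time window.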