Ask the Expert

The benefits of packet-based IDS

What benefits do packet-based network IDS have over signature-based IDS?



Packet-based IDS use rules that define protocols, not a static vulnerability signature. Whereas you could create a new vulnerability and get around signatures, the same is not true for packet-based IDS.

Here's an example in real simple terms:
When police use radar guns on the highways, they don't care if you are a truck, motorcycle or car (packet-based). Thus, you are simply a packet carrying some sort of information. But a truck weigh station looks for trucks (signatures) of so many axles, thus the truck fits a pattern or signature. The radar gun would look at trucks, cars and all vehicles, but the weigh station would only stop trucks.
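
The contrast described in the answer, as an added Python example that is not part of the original answer: a static signature matcher and a protocol-rule checker run over the same constructed FTP-style command lines. The command set, the length limit, the placeholder patterns and the sample lines are all assumptions made for illustration.

```python
import re

# Placeholder patterns standing in for signatures of already-known attacks (constructed).
SIGNATURES = [b"KNOWN-BAD-PATTERN-1", b"KNOWN-BAD-PATTERN-2"]

# Simplified rules describing a well-formed FTP-style control line (assumed values).
ALLOWED_COMMANDS = {b"USER", b"PASS", b"CWD", b"RETR", b"STOR", b"LIST", b"QUIT"}
MAX_ARG_LEN = 255
LINE_RE = re.compile(rb"^([A-Za-z]{3,4})(?: ([\x20-\x7e]*))?\r\n$")

def signature_alerts(line):
    """Static matching: alert only when a stored pattern appears in the data."""
    return [f"signature:{s.decode()}" for s in SIGNATURES if s in line]

def protocol_alerts(line):
    """Protocol rules: alert on anything that is not a well-formed command line."""
    m = LINE_RE.match(line)
    if m is None:
        return ["protocol:malformed-line"]
    verb, arg = m.group(1).upper(), m.group(2) or b""
    alerts = []
    if verb not in ALLOWED_COMMANDS:
        alerts.append("protocol:unknown-command")
    if len(arg) > MAX_ARG_LEN:
        alerts.append("protocol:argument-too-long")
    return alerts

# Constructed sample traffic: one normal line, one carrying a stored pattern,
# and two that match no stored pattern but break the protocol definition.
SAMPLES = {
    "normal": b"USER alice\r\n",
    "known": b"CWD KNOWN-BAD-PATTERN-1\r\n",
    "novel_long": b"CWD " + b"A" * 600 + b"\r\n",
    "novel_binary": b"RETR \x00\x01\xff\r\n",
}

def compare():
    """Return {sample name: (signature alerts, protocol alerts)}."""
    return {name: (signature_alerts(line), protocol_alerts(line))
            for name, line in SAMPLES.items()}

if __name__ == "__main__":
    for name, (sig, proto) in compare().items():
        print(f"{name:13} signature={sig} protocol={proto}")
```

The two `novel_*` lines match no stored pattern, yet both break the protocol definition and are flagged by the rule checker.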


For more information on this topic, visit these other SearchSecurity.com resources:
Online Event Archive: Intrusion-detection systems with Ed Yakabovicz
Tech Tip: Intrusion detection rules of thumb
Tech Tip: Inspect files and directories for unexpected changes


This was first published in February 2002
