Q

The benefits of packet-based IDS

What benefits do packet-based network IDS have over signature-based IDS?


Packet-based IDS use rules that define protocols, not a static vulnerability signature. Whereas you could create a new vulnerability and get around signatures, the same is not true for packet-based IDS.

Here's an example in real simple terms:
When police use radar guns on the highways, they don't care if you are a truck, motorcycle or car (packet-based). Thus, you are simply a packet carrying some sort of information. But a truck weigh station looks for trucks (signatures) of so many axles, thus the truck fits a pattern or signature. The radar gun would look at trucks, cars and all vehicles, but the weigh station would only stop trucks.


For more information on this topic, visit these other SearchSecurity.com resources:
Online Event Archive: Intrusion-detection systems with Ed Yakabovicz
Tech Tip: Intrusion detection rules of thumb
Tech Tip: Inspect files and directories for unexpected changes


This was first published in February 2002
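The contrast drawn in the answer above, as an added example that is not part of the original answer: a static signature check and a protocol-rule check run over the same constructed HTTP requests. The signature strings, the 2048-byte limit and the request-line rule are assumptions chosen for illustration, not taken from any IDS product.

```python
import re

# Constructed signature list: byte strings tied to already-known attacks.
SIGNATURES = [b"/known-bad-1.cgi", b"/known-bad-2.dll"]

# Protocol rules for an HTTP/1.x request line (limit is an assumed value).
MAX_LINE = 2048
REQUEST_LINE = re.compile(
    rb"(GET|HEAD|POST|PUT|DELETE|OPTIONS) /[\x21-\x7e]* HTTP/1\.[01]")

def signature_match(payload):
    """Static check: which known signatures appear in the payload."""
    return [s for s in SIGNATURES if s in payload]

def protocol_violations(payload):
    """Protocol check: which rules the request line breaks."""
    line = payload.split(b"\r\n", 1)[0]
    problems = []
    if len(line) > MAX_LINE:
        problems.append("request line too long")
    if any(b < 0x20 or b > 0x7e for b in line):
        problems.append("non-printable byte in request line")
    if not REQUEST_LINE.fullmatch(line):
        problems.append("malformed request line")
    return problems

def classify(payload):
    """Report whether each engine would raise an alert."""
    return {"signature": bool(signature_match(payload)),
            "protocol": bool(protocol_violations(payload))}

# Constructed sample traffic.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    # Matches a listed signature but is well-formed HTTP.
    "known": b"GET /known-bad-1.cgi?x=1 HTTP/1.0\r\n\r\n",
    # Not in the signature list, but breaks the protocol rules.
    "novel_long": b"GET /" + b"A" * 5000 + b" HTTP/1.1\r\n\r\n",
    "novel_binary": b"GET /app\x00\x01 HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify(payload), protocol_violations(payload))
```

The two `novel_*` requests match no signature yet are flagged by the protocol rules, while the `known` request is well-formed and is caught only by its signature.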
