Explain the difference between host-based and network-based intrusion detection
Understand the difference between anomaly and misuse triggering mechanisms

The purpose of an intrusion detection system (IDS) is to notify
the appropriate personnel when an intrusion or attack is discovered. You can
detect attacks on or intrusions into your computer network or systems in
numerous ways, and various IDSs exist to detect these attacks. Just as a burglar
alarm can be installed in a business to notify the police of an intrusion, an
IDS can be installed on your computer network to detect intrusions and
notify security personnel.

This chapter provides an overview of intrusion detection by
describing the four types of security threats, the types of attacks, and the
phases of an attack. Additionally, this chapter examines the different types of
IDS and discusses the strengths and weaknesses of each type.