June 20, 2007
Intrusion detection with Snort on Red Hat Enterprise Linux 5
Intrusion detection and intrusion prevention systems (IDS and IPS, respectively) provide the ability to inspect and analyze network traffic and either generate alerts or drop traffic in the event that an attack or a malicious event is detected. They are two of a number of controls, such as firewalls, designed to protect your network from a variety of attacks. Both IDS and IPS are commonly deployed in organization's perimeters to protect externally-facing assets, like Internet-facing Web services. They can also be deployed internally to ward off attacks or virus outbreaks. For example, an IPS sensor that can be configured to stop the spread of a virus or worm may be located in-line on an internal network choke point.