Host Based Intrusion Detection: An Overview of Tripwire and Intruder Alert
- Abstract
- Intrusion detection has been defined by Peter Loshin of Computerworld magazine as "the art and science of sensing when a system or network is being used inappropriately or without authorization".
d IDS resides on the system being monitored and tracks changes made to important files and directories. While both are part of a good defense-in-depth strategy to prevent attackers from being able to enter networks and alter or compromise critical information, only a host based intrusion detection system with a well written policy will provide a strong foundation to good system security.