Intrusion Detection Systems: An Overview of RealSecure

Published: 27 Sep, 2001
Created by Darrin Wassom

Code Red. Denial of Service attacks. The never-ending flood of security bulletins from Microsoft. For a network security professional, drastic measures have been needed to stem the tide of attacks against your network. Wouldn't it be nice to have a tool that could warn you of potential threats to your network? A tool that would log intrusion attempts and notify you in near real-time of attacks on your network? Intrusion Detection Systems (IDS) are tools that monitor networks for anomalies that could indicate an attack on your network. Typically, an IDS is passive in nature and works by scanning packets for patterns that match a pre-defined signature base. The signature base contains information relating to a known vulnerability, threat or pre-attack probe. Most IDS platforms also allow for the creation of a custom signature base that can scan for pattern matches (passwords, keywords, etc.) or for new threats where a known signature does not currently exist. Intrusion Detection Systems can be a valuable tool when employing a 'defense in depth' strategy for your network, but diligence is required to ensure success. This paper reviews one IDS, RealSecure, and describes its pluses and minuses, with special emphasis on filtering out false positives.