SNORT as Intrusion Detection System or IDS, but that is an IDS.
I want these entries as small safety caps without delving into technicalities, rather as general culture, later on I will do the techniques.
Well according Wikipedia is:
An Intrusion Detection System (IDS) is a program to detect unauthorized access to a computer or network.
Actually this does not clarify much and does not tell the complete truth, since an IDS only "INTENT" to detect attempts to compromise the security of a system or NET.
IDS looks for predefined patterns that involve any type of suspicious or malicious ACTIVITY on the network or host.
An IDS is like an Antivirus but more powerful and robust, an antivirus with STEROIDS jajajaja
Something not done by Antivirus is to anticipate any suspicious activity, the IDS is not designed to stop an attack but can generate certain types of response to them.
Let's see some things that SNORT as IDS brings us in the security of the NETWORK:
- Increase the security of the network.
- They monitor the traffic of the NETWORK.
- They examine the packets for suspicious traces.
- They detect the early stages of an attack.
- Detects port scanning or network analysis.
As we can see SNORT is more than a firewall, more than an antivirus, more than any program that can occur to us right now: D
The IDS are divided into 3 types according to their characteristics:
- HIDS (Host IDS): Intrusion Detection System, protects against a single Server, PC or Host, Monitor a lot of EVENTS, which we will talk about in the next post with more peace of mind.
- NIDS (NET IDS): Network Intrusion Detection System As its name indicates "NET" protects a system based on NET, the details will speak at the next SNORT entry.
- DNIDS (Distr NET IDS): Distributed Network Intrusion Detection System. This type of IDS more than protect monitors
Until the next time God blesses you