Network Sales and Services Handbook (Cisco Press Networking Technology)

1:

Are IDSs similar to firewalls?

A1:

Intrusion detection systems are considered a complement to network firewalls because they extend the security management capabilities of system administrators and managers to include the following:

  • Monitoring and analysis of user and system activity

  • Auditing of system configuration and vulnerabilities

  • Assessing the integrity of critical system files and data files

  • Recognizing patterns of activity that reflect known attacks

  • Statistical analysis for abnormal activity patterns

  • Operating system audit trail management, with recognition of user activity that violates company policy

2:

Which is the preferred IDS: Host-based or network-based?

A2:

Network-based IDSs are the recommended solution because they protect every device on the network, detect problems quickly, and are not vulnerable to attack. Host-based IDSs are an effective solution in small networks where it is more cost-efficient to deploy multiple host-based IDSs rather than a single network-based IDS.
