Posted by arlene
Recently, Ptacek and Newsham (1998) identified several weaknesses in intelligent network sniffers. Similar concerns about network IDSs were simultaneously identified by Paxson (1998). At the heart of the discussion is the fact that a network IDS cannot know for sure what is happening on the network nodes themselves. An inbound packet has a destination IP […]
Posted by arlene
The encryption issue is a particularly sticky one for network IDSs. It is highly likely that over time, you will see more encryption of application-level data. You need encryption for secure communications. There isn’t much you can do to change the limitations on network IDSs when encryption hides the network packet content. IDS vendors […]
Posted by arlene
A number of security policy settings can compromise a system. A vulnerability checker, such as SAFESuite, eNTrax, or KSA, needs to plow through the system and find any weaknesses. A vulnerability is not necessarily a hack. For example, if the Administrator password is blank, this is not exactly what you would call a well-known and carefully […]
Posted by arlene
One of the main advantages of a network IDS is simple implementation. Unlike system-level intrusion detection, which requires a monitor to be running on every system, network IDSs require one monitor per subnet. Reduced cost is one consequence of this feature. Installing a single network IDS should be cheaper than installing client system level monitors […]
Posted by arlene
What can a network IDS detect? First, because the source of information is network packets, network IDSs look for attacks that are targeted at network protocols. Examples include Ping of Death and SYN Flood because both of these are attacks against weaknesses in TCP/IP itself. Problems in other protocols, such as Novell IPX and Microsoft […]
Posted by arlene
What makes a network IDS different from other tools about which you’ve read? The next few sections describe the basic approach to network intrusion detection. After this, you’ll see some example attacks that can be discovered by looking at network packets.
Networks and Subnets
Networked environments usually are divided into multiple subnets for various reasons. By separating […]