Hack Proofing Linux: A Guide to Open Source Security

Chapter 4: Implementing an Intrusion Detection System

Introduction

Perhaps the best way to ensure system security is to have your system or network report certain changes to you. In this chapter, you will learn more about open source intrusion detection tools that can help you detect activity at the system and network level.

Chances are, your home or place of work has an alarm system. A home alarm is an intrusion detection device. Generally, an alarm system at your home, at your place of work, or in your car will do the following:

  • Accept programming to work reliably when you are away.
  • Actively monitor the likely break-in points.
  • Use motion sensors to aid in monitoring an empty home.
  • Detect an unwanted intruder.
  • Send an alert to you or a trusted third party in case of an event.

With regard to computing, an Intrusion Detection System (IDS) is any system or set of systems that has the ability to detect a change in the status of your system or network. An IDS can then send you alerts or take appropriate predefined actions to help you protect your network. In the introduction to this book, you learned that an IDS auditing station can monitor traffic. An IDS can be something as simple as a network host using a simple application, such as Tcpdump, to learn about the condition of a network, or it can be a more complex system that uses multiple hosts to help capture, process, and analyze traffic. Because an IDS can contain multiple hosts and...
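To make the "simple IDS built on Tcpdump" idea concrete, here is an added example (not from the book or from the Tcpdump project) of the detection step such a host would perform. It reads tcpdump-style one-line packet summaries, groups SYN-only packets by source and destination, and raises an alert when one source has probed at least a threshold number of distinct ports on a host, which is the kind of "change in the status of your network" the text describes. The sample lines are constructed and the regular expression assumes the `tcpdump -n` summary layout shown in them; real output varies by tcpdump version and link type, so adjust the pattern before running it against live captures.

```python
"""Minimal host-based port-sweep detector over tcpdump-style summary lines.

Added example: the input below is constructed sample data, not a real capture,
and the line format is an assumption based on `tcpdump -n` output.
"""
import re
import sys
from collections import defaultdict

# Constructed sample: one host (10.0.0.5) sends SYNs to six different ports on
# 10.0.0.10; a second host makes one normal connection that gets a SYN/ACK back.
SAMPLE_LINES = """\
12:00:01.000001 IP 10.0.0.5.40001 > 10.0.0.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 10.0.0.5.40002 > 10.0.0.10.23: Flags [S], seq 2, win 64240, length 0
12:00:01.000400 IP 10.0.0.5.40003 > 10.0.0.10.25: Flags [S], seq 3, win 64240, length 0
12:00:01.000600 IP 10.0.0.5.40004 > 10.0.0.10.80: Flags [S], seq 4, win 64240, length 0
12:00:01.000800 IP 10.0.0.5.40005 > 10.0.0.10.443: Flags [S], seq 5, win 64240, length 0
12:00:01.001000 IP 10.0.0.5.40006 > 10.0.0.10.8080: Flags [S], seq 6, win 64240, length 0
12:00:02.000000 IP 10.0.0.7.51000 > 10.0.0.10.80: Flags [S], seq 7, win 64240, length 0
12:00:02.100000 IP 10.0.0.10.80 > 10.0.0.7.51000: Flags [S.], seq 8, ack 8, win 65535, length 0
"""

# Assumed summary layout: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Return a dict for a TCP summary line, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "sport": int(m.group("sport")),
        "dst": m.group("dst"),
        "dport": int(m.group("dport")),
        "flags": m.group("flags"),
    }


def detect_port_sweeps(lines, threshold=5):
    """Alert on any (src, dst) pair where src sent bare SYNs to >= threshold distinct ports.

    Only packets whose flags are exactly "S" count: SYN/ACK replies ("S.") and
    established-connection traffic are ignored so normal servers are not flagged.
    """
    ports_by_pair = defaultdict(set)
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt["flags"] != "S":
            continue
        ports_by_pair[(pkt["src"], pkt["dst"])].add(pkt["dport"])

    alerts = []
    for (src, dst), dports in sorted(ports_by_pair.items()):
        if len(dports) >= threshold:
            alerts.append({"src": src, "dst": dst, "ports": sorted(dports)})
    return alerts


def format_alert(alert):
    """Render one alert as a single log line suitable for mail or syslog."""
    return (f"ALERT port sweep: {alert['src']} probed {len(alert['ports'])} "
            f"ports on {alert['dst']}: {alert['ports']}")


if __name__ == "__main__":
    # Read real summaries from stdin when piped (e.g. `tcpdump -n -l tcp | python ids.py`),
    # otherwise run against the constructed sample.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES.splitlines()
    for a in detect_port_sweeps(source):
        print(format_alert(a))
```

On the sample data this reports a single alert for 10.0.0.5 against 10.0.0.10 (ports 22, 23, 25, 80, 443 and 8080) and stays silent about 10.0.0.7, whose one connection completed normally. A production detector would add a time window to the grouping so that slow scans and busy legitimate clients are treated differently, which is exactly the kind of tuning the more capable tools later in this chapter provide.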
