Windows to Linux Migration Toolkit

Solutions Fast Track

Introducing Intrusion Detection Systems

  • An intrusion is an unauthorized access, use, or attack on your network or computers.

  • IDSs work by watching network and system activity, and comparing that to known signatures or against algorithms to separate legitimate activity from suspicious activity.

  • IDSs can then log the attack and respond in a number of ways. The most common response is to alert the system administrators through SNMP traps, text messages, phone calls, or pages.

Answering Common IDS Questions

  • Attackers are interested in everyone connected to the Internet these days; it's not necessarily personal.

  • An IDS can alert you to network traffic and system activity of which you may not have been aware. It can increase the effectiveness of a good system administrator, and provide him with additional data.

  • An IDS will not replace your existing security staff, or make people stop attacking you.

Fitting Snort into Your Security Policy

  • Snort is a network IDS with sophisticated pattern-matching capabilities that are used to uniquely describe attack traffic.

  • Snort signatures for the latest viruses, worms, and other new vulnerabilities are usually written and released within hours or days of the new attack's debut.

  • You can write your own Snort signatures to match company policy violations, new or unique traffic, or anything else.
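
To illustrate the last point, here are two local Snort rules that flag policy violations. They are an added example, not taken from the book or from the Snort project's rule set. The policies themselves (no outbound IRC, no outbound cleartext FTP logins), the message strings and the SIDs are assumptions chosen for illustration.

```snort
# local.rules (constructed example). SIDs of 1000000 and above are for local rules.
# Both rules rely on $HOME_NET and $EXTERNAL_NET being defined in snort.conf and on
# stream reassembly being enabled so that the "flow" option can be evaluated.

# Assumed policy: workstations must not use IRC.
# Match the client's NICK registration command at the start of the payload on an
# established outbound session to the conventional IRC port.
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"LOCAL POLICY outbound IRC nick registration"; flow:to_server,established; content:"NICK "; depth:5; nocase; classtype:policy-violation; sid:1000001; rev:1;)

# Assumed policy: no cleartext FTP logins to outside hosts.
# Match the USER command at the start of the payload on the FTP control channel.
alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (msg:"LOCAL POLICY outbound cleartext FTP login"; flow:to_server,established; content:"USER "; depth:5; nocase; classtype:policy-violation; sid:1000002; rev:1;)
```

Anchoring each content match with depth and restricting it with flow keeps the rules from firing on the same strings appearing mid-stream or in server-to-client traffic.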

Analyzing IDS Design and Architecture

  • IDSs can be configured to just detect and alert, or to respond as well.

  • Possible responses include dropping the traffic, spoofing ICMP or TCP Reset packets, or identifying and tracing back toward...
