IDS for PFsense- Solution? Snort is the solution

Posted on Posted in Pfsense (EN)

Intrusion Detection System (IDS)

Introduction

The term IDS (Intrusion Detection System) refers to a mechanism that quietly listens for traffic in the network to detect abnormal or suspicious activities, and thereby reduce the risk of intrusion. There are two key SDI families: The N-IDS (Network Intrusion Detection System) group, which guarantees security within the network. The H-IDS (Intrusion Detection System on the Host) group, which guarantees security on the host. An N-IDS needs exclusive hardware. This forms a system that can verify packets of information traveling through one or more lines of the network to discover if any malicious or abnormal activity has occurred. The N-IDS puts one or more of the system’s unique network adapters into promiscuous mode. This is a kind of “invisible” mode in which they do not have an IP address. Nor do they have a series of protocols assigned. It is common to find different IDS in different parts of the network. Typically, probes are placed outside the network to study possible attacks, as well as internal probes are placed to analyze requests that have passed through the firewall or have been performed from within. The H-IDS is located on a particular host. Therefore, its software covers a wide range of operating systems such as Windows, Solaris, Linux, HP-UX, Aix, etc. The H-IDS acts as a standard daemon or service in th

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *