With recent advances in the field of network security, a technique called the
Intrusion Detection System (IDS) has been developed to further secure networks.
It is a way to protect an internal network from outside attack and to take
appropriate action if needed. Using intrusion detection methods, information can be
collected from known types of attack and used to detect whether someone is trying to
attack the network. There are many techniques for detecting intrusion in a network,
such as signature matching, anomaly-based detection, and others.

The work presented here studies and compares the techniques used by intrusion
detection systems, and focuses on the signature matching technique. It discusses the
free, open source intrusion detection system Snort. Another open source intrusion
detection system, Bro, is also discussed. It compares these systems' alarms against
the open source tool IDSWakeup.

Enterprise network servers and websites are exposed to many attacks and hacking attempts aimed at sabotage or access to information. Intrusion detection and prevention systems (IDPS) play an important role in detecting and preventing hackers, and their importance increases with the increasing experience and development of attacks and attackers. In this research, we present the attacks that a network can be exposed to, then clarify the concept of cyber security and the types, mechanisms and classification of detection and prevention systems. In the practical part, we apply the Snort tool to protect web servers from denial of service (DoS) attacks.