This chapter described an overview of IDSs, including basic terminology such as false positives and negatives, true positives and negatives, and attack signatures. We reviewed five methodologies used by signatures, including profile-based detection, misuse detection (sometimes called signature-based), pattern matching, protocol decode, and heuristic analysis. You then learned that attackers can use IDS evasive techniques such as flooding, encryption, fragmentation, and obfuscation to dodge IDSs.
We described the Cisco IDS environment, including the active defense system, Cisco Threat Response, and the complementary functions of HIPS and NIDS. The Cisco product family was then reviewed in the context of HIPS and NIDS; although Security Agent is Cisco's host-based IPS software agent, the IDS 4200 series sensor appliance, Router IOS IDS, Firewall PIX IDS, and IDSM2 modules provide network-based intrusion detection.
We then provided a review of management tools, including IDM, IEV, CSA MC, and VMS. Finally, we introduced the PostOffice and RDEP communications protocols, with more detailed coverage to appear in later chapters.