INSPECTING THE INSPECTORS

摘要

Just a few short years ago, an ids was a luxury. Before the rise of the web appli- cation and the worm, most networks were adequately defended by a firewall at the perimeter and a virus scanner at the mail server. Today, the firewall remains effective against clumsy DoS attacks and run-of-the-mill exploits, but it's hard-pressed to thwart application-layer attacks that piggyback on welcome protocols and worms that wind their way inside the network through any overlooked port or a mobile user's laptop. Not only are perimeter defenses less adequate than they used to be, but internal network resources — including business-critical applications exposed to the Web — are more valuable to their companies than ever. Naturally, the double whammy of a hole-ridden perimeter and an invaluable core has network managers looking for an edge. The IDS is becoming part of the standard toolkit.