In this chapter, you learned about network intrusion detection and prevention systems. We explored how each plays a different role and the different ways in which each performs its task. We were also introduced to SNORT, a very versatile tool that can be used for both packet capture and network intrusion detection and prevention. You learned the importance of creating rules for NIDS/NIPS and explored how these rules can be used to identify intruders in a network.
In the next chapter, you will learn about a very important aspect of network forensics: connecting the dots using network logs. Just as a murderer leaves traces next to the victim's body, an intruder leaves traces of their activity in a network's logs. Hence, network logs are of paramount importance in any investigation. The next chapter will prepare us to work from this perspective.