To close an open relay, require some form of authentication from those who want to send

logging capabilities, you might find evidence of an attack in your logs, but a smart hacker can even get around that. To see what’s really going on, you need an intrusion detection system. These systems watch for the telltale signs of hacking and alert you immediately when they occur. They are a necessary component of any truly secure network.

Intrusion Detection Systems

Intrusion detection systems (IDS) are software systems that detect intrusions to your network based on a number of telltale signs. Active IDS attempt to either block attacks, respond with countermeasures, or at least alert administrators while the attack progresses. Passive IDS merely log the intrusion or create audit trails that are apparent after the attack has succeeded.

intrusion detection system (IDS): Systems that detect unauthorized access to other systems.

active IDS: An intrusion detection system that can create responses, such as blocking network traffic or alerting on intrusion attempts.

passive IDS: IDS that record information about intrusions but which do not have the capability of acting on that information.

audit trail: A log of intrusion detection events that can be analyzed for patterns or to create a body of evidence.

While passive systems may seem lackluster and somewhat useless for preventing attacks, there are a number of intrusion indicators that are only apparent after an intrusion has taken place. For example, if a disgruntled network administrator for your network decided to attack, he’d have all the keys and passwords necessary to log right in. No active response system would alert you to anything. Passive IDS systems can still detect the changes that an administrator makes to system files, deletions, or whatever mischief has been caused.
Widespread hacking and the deployment of automated worms like Code Red and Nimda into the wild have created a sort of background radiation of hacking attempts on the Internet: there’s a constant knocking on the door, and teeming millions of script kiddies looking to try their warez out on some unsuspecting default Windows or aging RedHat installation.

background radiation: The normal, mostly futile, hacking activity caused by automated worms and script kiddies.