Detect evidence of break-in attempts with host-based intrusion detection systems
Stop, Thief

A host-based intrusion detection system is a simple but powerful tool for finding traces of an attacker's footprint.
If your existence depends on extreme security, you could put your computers in a bunker and avoid external network connections, but unless you happen to be dealing with nuclear missiles, the realities of doing business might require you to configure some form of Internet access, and the price for joining the information superhighway is a need to watch for attackers attempting to penetrate your network.
IT professionals deploy a dizzying variety of tools for protecting the modern network, from firewalls to sophisticated intrusion prevention frameworks. (See the box titled "NIDS, IPS, HIDS.") One useful class of tools that receives less attention than it used to is the humble host-based intrusion detection system (HIDS). HIDS systems perform checks on a single host computer to look for indications of a recent attack.
HIDS works on the principle that every attacker leaves tracks. In forensics, this assumption is known as Locard's exchange principle: Interaction always causes change. The trick is to identify this change and draw the right conclusions [1].
[...]
Buy this article as PDF
(incl. VAT)