Which of the following is a signature-based intrusion detection system (IDS) ?

A.
RealSecure

B.
StealthWatch

C.
Tripwire

D.
Snort

Explanation:
Snort is a signature-based intrusion detection system. Snort is an open source
network intrusion prevention and detection system that operates as a network sniffer. It logs
activities of the network that is matched with the predefined signatures. Signatures can be
designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol
(TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three
main modes in which Snort can be configured are as follows: Sniffer mode: It reads the packets of

the network and displays them in a continuous stream on the console. Packet logger mode: It logs
the packets to the disk. Network intrusion detection mode: It is the most complex and configurable
configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set.
incorrect. RealSecure is a network-based IDS that monitors TCP, UDP and ICMP traffic and is
UNIX/Linux that can be used for host-based intrusion detection.