The full form of IDS is Intrusion Detection System. How many of you have heard about burglary? I guess everyone, including children. Why is the burglar so successful at intruding into people's safe haven? The answer: when no system exists to control access to your house or office, ample opportunities arise to misuse or steal your valuable belongings.
An IDS, basically, detects any unauthorized access to your system or network. A burglar alarm is a kind of intrusion detection system; since I will be aiming at computer network security, by IDS I mean a system which can effectively detect unauthorized access to your network or computer system via any internal or external link, such as the Internet. Remember that an IDS can only detect an intrusion; it cannot generate any response to an intrusion.
How does an IDS work?
Detecting and reporting a real-time attack is the purpose of an IDS. Normally, an IDS is based on three functional parts: a monitoring component, an inference engine and an alerting component. The monitoring component of an IDS constantly looks out for any unusual data traffic activity in your network, just like policing on a highway; in this case it is an information highway. Data collected by the traffic monitoring device of an IDS is sent to the inference engine, which decides whether the traffic is safe or not; if safe, the traffic may pass on the network; in the case of unsafe traffic, the alerting device sends a message or a signal about the launch of a probable attack on your network.
Every attack has its own nature or signature. These signature patterns are pre-configured in the inference engine of an IDS, and based on them the IDS determines which traffic might pose a risk to the network; it follows that an attack whose signature has not been configured will not be recognized by this mechanism. Since all types of data passing through a network are captured and analyzed by the IDS, a network-based IDS needs to be very fast in action.
Types of IDS
Primarily, IDS can be divided into two categories based on their working principles: network-based IDS and host-based IDS. A network-based IDS is placed at a strategic access point between the network and the outside world. A host-based IDS, on the other hand, does not monitor the network's traffic as a whole; instead it runs on the particular machine or system to be monitored. Only traffic getting in or out of that system is monitored; other systems' traffic is neither monitored nor checked for security threats.
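To make the three-part design from the "How does an IDS work?" section and the network-based versus host-based distinction above concrete, here is a small worked example. It is added here and is not code from the original article or from any real IDS product. It assumes its own record format (a Packet with timestamp, source, destination, port and payload), two constructed signatures (a path-traversal pattern in a request payload, and a port-scan rule of five distinct ports from one source within ten seconds), and a constructed sample of traffic. Passing a monitored_host restricts the monitor to traffic in or out of that one machine, which is the host-based mode; leaving it unset watches everything, which is the network-based mode.

```python
"""Toy signature-based IDS: monitor -> inference engine -> alerting.

Constructed example, not the article's or any product's code. Record
fields, signature names, thresholds and the sample traffic are all
assumptions chosen for the demonstration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since capture start (constructed)
    src: str
    dst: str
    dport: int
    payload: str = ""


@dataclass(frozen=True)
class Alert:
    ts: float
    signature: str
    src: str
    dst: str
    detail: str


# Pre-configured signatures, the "nature" of each attack the engine knows.
# Anything not listed here will pass unnoticed: that is the limit of
# signature-based detection.
PAYLOAD_SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),   # ../ in a request path
}
PORTSCAN_WINDOW_S = 10.0       # sliding window for the port-scan rule
PORTSCAN_DISTINCT_PORTS = 5    # distinct ports from one src to one dst


class InferenceEngine:
    """Decides whether a packet matches any configured signature."""

    def __init__(self):
        # (src, dst) -> list of (ts, dport) seen inside the window
        self._ports_seen = defaultdict(list)

    def evaluate(self, pkt):
        alerts = []
        # Stateless payload signatures
        for name, pattern in PAYLOAD_SIGNATURES.items():
            if pattern.search(pkt.payload):
                alerts.append(Alert(pkt.ts, name, pkt.src, pkt.dst,
                                    pkt.payload[:40]))
        # Stateful port-scan signature over a sliding time window
        key = (pkt.src, pkt.dst)
        hist = [(t, p) for t, p in self._ports_seen[key]
                if pkt.ts - t <= PORTSCAN_WINDOW_S]
        hist.append((pkt.ts, pkt.dport))
        distinct = {p for _, p in hist}
        if len(distinct) >= PORTSCAN_DISTINCT_PORTS:
            alerts.append(Alert(pkt.ts, "port-scan", pkt.src, pkt.dst,
                                f"{len(distinct)} ports in {PORTSCAN_WINDOW_S}s"))
            hist = []   # reset so one burst yields one alert
        self._ports_seen[key] = hist
        return alerts


class IDS:
    """Monitoring component feeding the engine and collecting alerts."""

    def __init__(self, monitored_host=None):
        self.monitored_host = monitored_host   # None => network-based
        self.engine = InferenceEngine()
        self.alerts = []

    def _in_scope(self, pkt):
        if self.monitored_host is None:
            return True                        # NIDS: everything on the wire
        return self.monitored_host in (pkt.src, pkt.dst)   # HIDS: this host only

    def monitor(self, packets):
        for pkt in packets:
            if self._in_scope(pkt):
                for alert in self.engine.evaluate(pkt):
                    self.raise_alert(alert)
        return self.alerts

    def raise_alert(self, alert):
        # Alerting component: here just record and print; a real IDS would
        # forward to a console, log collector or pager.
        self.alerts.append(alert)
        print(f"[ALERT t={alert.ts:5.1f}] {alert.signature}: "
              f"{alert.src} -> {alert.dst} ({alert.detail})")


# Constructed sample traffic: one benign request, one traversal attempt
# against 10.0.0.21, a five-port probe of 10.0.0.20, and a late packet
# that falls outside the scan window.
SAMPLE_TRAFFIC = [
    Packet(0.0, "10.0.0.5", "10.0.0.20", 80, "GET /index.html"),
    Packet(1.0, "10.0.0.5", "10.0.0.21", 80, "GET /../../etc/passwd"),
    Packet(3.0, "10.0.0.7", "10.0.0.20", 21),
    Packet(3.5, "10.0.0.7", "10.0.0.20", 22),
    Packet(4.0, "10.0.0.7", "10.0.0.20", 23),
    Packet(4.5, "10.0.0.7", "10.0.0.20", 25),
    Packet(5.0, "10.0.0.7", "10.0.0.20", 80),
    Packet(30.0, "10.0.0.7", "10.0.0.20", 8080),
]


def run(monitored_host=None):
    """Run the sample through an IDS and return the fired signature names."""
    ids = IDS(monitored_host)
    return [a.signature for a in ids.monitor(SAMPLE_TRAFFIC)]


if __name__ == "__main__":
    print("network-based:", run())
    print("host-based (10.0.0.21):", run("10.0.0.21"))
```

Run in network mode, the same engine fires both signatures; run as a host-based monitor for 10.0.0.21 it reports only the traversal attempt aimed at that host and never sees the probe of 10.0.0.20, which is exactly the scoping difference described above.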