securitywing

What is IDS?Basics of Intrusion Detection Systems

by Leave a Comment

The full form of IDS is: Intrusion Detection System. How many of you have heard about burglary? I guess everyone including children. How the burglar is so successful in intruding men’s safe heaven? The answer is when there is no system exists to control the access to your house or office, and then ample of opportunities might arise to misuse or steal your valuable belongings.

IDS, basically, detects any unauthorized access to your system or network. Thief alarm is a kind of intrusion detection system, since I will be aiming at computer network security, that’s why by IDS I mean a system which can effectively detect the unauthorized access to your network or computer system via any internal or external link such as Internet.Remember that IDS only can detect an intrusion, it cannot generate any response to an intrusion.

How IDS works?

Detecting and reporting a real-time attack is the purpose of IDS. Normally, IDS based on three functional parts-a system monitoring, inference and alerting components. Always the monitoring components of IDS look out for any unusual data traffic activity in you network-just like policing in a high-way; in this case it’s an information highway. Collected data from traffic monitoring device of an IDS is sent to inference engine to decide on whether the traffic is secure or not; if secure the traffic many pass on the network in case of insecure traffic the alerting device will send a message or a signal about the launching of a probable attack on your network.

Every attack has its own nature or signature. These signature patterns are pre-configured in the interference engine of an IDS, based on which IDS determines which traffic might pose a risk for the network. Since all types of data pass through a network are captured and analyzed by the IDS, that’s why a network-based IDS needs to be very fast in action.

Types of IDS

Primarily, IDS can be divided into two different categories based on the working principles. The first one is Network-based IDS and the second one is Host-based IDS. Network-based IDS are placed in some strategic access-point of a network from the outside world. On the other hand, host-based IDS never monitor any network traffic, instead it run on a particular machine or system to be monitored. Any traffic getting in or out of that system will be monitored only; other systems’ traffic will not be either monitored or detected for any security threats.

Related Posts:

Leave a Reply

Your email address will not be published.

Syras is a telecommunication and IT security professional with over 10 years of experience in this field. He has been running his personal blog Securitywing.com since 2010. He has the following certifications:

  • CISA(Certified Information Systems Auditor)
  • CCNP(Cisco Certified Network Professional)
  • Prince2( Project Management)
  • Machine Learning

 

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

audit AWS backup basics browser check cisco cloud computer configuration database email encryption firewall gmail hsrp ids iis informaiton internet it linux load balancing malware microsoft network protection redundancy risk router security security tips server ssh SSL switch test tools vpn vrrp web webserver website windows wordpress
banner