Intrusion detection system
How An Intrusion Detection System Operates
An intrusion detection system (IDS) monitors network traffic, checks for suspicious activity and notifies the network administrator or the system. In some cases the IDS may also react to malicious or anomalous traffic and take action, such as blocking the user or the source IP address from accessing the system.
IDS come in several types and approach the task of uncovering suspicious traffic in different ways. There are host-based (HIDS) and network-based (NIDS) systems. There are also IDS that detect threats by searching for the specific signatures of known threats, much as antivirus software detects and protects against malware, and IDS that detect threats by comparing traffic patterns against a baseline and looking for anomalies. Finally, there are IDS that simply observe and alert, and systems that take one or more actions in response to a detected threat.
The following takes a brief look at each type of intrusion detection system:
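The anomaly-based approach mentioned above can be illustrated with a small baseline comparison. The following is an added example, not code from the article: it learns a per-host connection-rate profile from a constructed quiet period, then flags hosts in an observed window whose rate exceeds the profile or which have no profile at all. The host addresses, the counts and the threshold parameters (k, floor) are all constructed for the example.

```python
"""Anomaly-based detection against a traffic baseline (added example, not from the article)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training data: new connections per minute seen from each internal
# host during a quiet period. This is the "baseline" the detector compares against.
BASELINE = {
    "10.0.0.5": [3, 4, 2, 3, 5, 3, 4, 2, 3, 4],
    "10.0.0.6": [4, 5, 4, 6, 5, 4, 5, 3, 4, 5],
    "10.0.0.7": [1, 2, 1, 1, 2, 2, 1, 1, 2, 1],
}

# Constructed flow records for the one-minute window under observation:
# (source_ip, destination_port).
OBSERVED_FLOWS = (
    [("10.0.0.5", 443)] * 4
    + [("10.0.0.7", 443)] * 2
    + [("10.0.0.6", p) for p in range(1, 61)]   # 60 connections to 60 distinct ports in one minute
    + [("10.0.0.9", 22)] * 3                     # a host that never appeared in the baseline
)


def build_profile(baseline, k=3.0, floor=5):
    """Per-host alert threshold: mean + k * stddev, but never tighter than mean + floor,
    so a host with an almost constant rate is not flagged by a one-connection wobble."""
    return {ip: mean(counts) + max(k * pstdev(counts), floor) for ip, counts in baseline.items()}


def detect_anomalies(flows, profile):
    """Return (ip, reason, count) alerts for hosts whose connection count exceeds
    their threshold, and for hosts that have no baseline profile at all."""
    per_host = defaultdict(int)
    ports = defaultdict(set)
    for ip, port in flows:
        per_host[ip] += 1
        ports[ip].add(port)

    alerts = []
    for ip, n in sorted(per_host.items()):
        if ip not in profile:
            alerts.append((ip, "unknown host: no baseline profile", n))
        elif n > profile[ip]:
            reason = f"rate {n}/min exceeds threshold {profile[ip]:.1f}; {len(ports[ip])} distinct ports"
            alerts.append((ip, reason, n))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(OBSERVED_FLOWS, build_profile(BASELINE)):
        print(alert)
```

Running the block reports 10.0.0.6 (60 connections against a threshold of about 9.5) and the previously unseen 10.0.0.9; the other two hosts stay within their profiles. The floor parameter is the practical caveat: a baseline learned from a very regular host has near-zero variance, and without a minimum margin the detector would alert on trivial fluctuations.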
NIDS
These are installed at a strategic point or points inside the network to monitor all traffic on the network. Ideally you would inspect all incoming and outgoing traffic, but doing so could create a bottleneck that degrades the overall speed of the network.
Signature Based
This type monitors packets on the network and compares them against a database of attributes or signatures of known malicious threats, much as most anti-virus software detects malware. The downside is the lag between a new threat being identified in the wild and the signature for detecting it being deployed on your IDS. During that lag period the IDS is unable to identify the new threat.
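The signature matching and the lag problem described above, as an added example that is not part of the article: each constructed packet payload is compared against a small signature database of byte patterns, and a percent-encoded variant of a known pattern goes unmatched until a signature for it is added. The signature ids, names and patterns, and the packet contents, are constructed for illustration and are not rules from any real IDS.

```python
"""Signature-based packet inspection (added example, not from the article)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int                  # constructed signature id
    name: str
    pattern: re.Pattern       # bytes regex applied to the packet payload
    dst_port: Optional[int]   # restrict the rule to one service port, or None for any


# Constructed signature database (illustrative patterns, not real vendor rules).
SIGNATURES = [
    Signature(1001, "HTTP path traversal attempt", re.compile(rb"\.\./\.\./"), 80),
    Signature(1002, "HTTP request from known scanner", re.compile(rb"User-Agent: EvilScan/1\.0"), 80),
]

# The signature for the percent-encoded variant, representing the update that
# only arrives some time after the variant is first seen in the wild.
ENCODED_TRAVERSAL_SIG = Signature(
    1003, "HTTP path traversal attempt (percent-encoded)", re.compile(rb"(?i)\.\.%2f\.\.%2f"), 80
)

# Constructed packets: (source_ip, destination_port, payload).
PACKETS = [
    ("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("192.0.2.11", 80, b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.12", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: EvilScan/1.0\r\n\r\n"),
    ("192.0.2.13", 80, b"GET /..%2f..%2fetc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.0.2.14", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]


def scan(packets, signatures):
    """Compare every packet against every signature whose port constraint fits.
    Returns (packet_index, sid, name) for each hit, in packet order."""
    hits = []
    for idx, (_src, dst_port, payload) in enumerate(packets):
        for sig in signatures:
            if sig.dst_port is not None and sig.dst_port != dst_port:
                continue
            if sig.pattern.search(payload):
                hits.append((idx, sig.sid, sig.name))
    return hits


if __name__ == "__main__":
    print("before signature update:")
    for hit in scan(PACKETS, SIGNATURES):
        print("  ", hit)
    print("after signature update:")
    for hit in scan(PACKETS, SIGNATURES + [ENCODED_TRAVERSAL_SIG]):
        print("  ", hit)
```

Before the update the scanner reports packets 1 and 2 only; packet 3 carries the same intent in a different encoding and slips through, which is exactly the lag window the text describes. Adding signature 1003 closes that gap for this variant but not for the next one, which is why signature-based detection is usually paired with an anomaly-based view of the same traffic.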
HIDS
These run on individual devices or hosts on the network. A HIDS monitors only the incoming and outgoing packets of the device it runs on and can notify the administrator or user of any suspicious activity.