Importance of intrusion detection systems
It is very important to protect your computer system from attack, particularly in today's highly connected network climate. One way to monitor your system for intrusive activity is to install an intrusion detection system (IDS).
The protection that most companies, both small and large, use to guard their facilities against theft is an ordinary alarm system. Given this, it is surprising how many companies install little or no protection to safeguard their systems against attack and the theft of valuable data. An intrusion detection system is essentially a burglar alarm for your network: it lets you monitor the network to identify intrusive activity. Whenever intrusive activity takes place, the IDS raises an alarm to inform you that your network may be under attack. Like a standard burglar alarm, however, an IDS can produce false alarms, known as false positives.
A false positive happens whenever the IDS raises an alarm on regular user activity. If the IDS produces too many false positives, you will lose all confidence in its ability to protect your system. When a burglar alarm constantly goes off for no reason, the police become conditioned to the fact that your business is prone to false alarms. This means that when there is a real break-in, law enforcement might not respond as quickly, believing that the alarm is another false one. As a result, it is very important to set up the IDS so that it produces as few false positives as possible.
The IDS might also produce false negatives. In this scenario, an attack takes place against your system and the IDS does not alert, even though it may be built to identify this kind of attack. It is much better for the IDS to raise more false positives than to produce false negatives.
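The trade-off between false positives and false negatives described above, shown as an added example that is not part of the original article: a simple detector alerts when the failed logins per minute from one source reach a threshold. The events, their attack labels, the threshold rule and the function names are all constructed assumptions for illustration.

```python
# Constructed sample data: (source, failed_logins_per_minute, is_attack).
# Addresses and ground-truth labels are invented for this example.
EVENTS = [
    ("10.0.0.5", 1, False),      # user mistyped a password
    ("10.0.0.8", 3, False),      # user forgot a password
    ("10.0.0.9", 6, False),      # misconfigured job retrying a stale password
    ("10.0.0.12", 2, False),
    ("203.0.113.7", 5, True),    # slow password guessing
    ("198.51.100.3", 12, True),  # password guessing
    ("203.0.113.9", 40, True),   # fast password guessing
]


def evaluate(threshold, events=EVENTS):
    """Alert when failures >= threshold.

    Returns (false_positives, false_negatives) measured against the labels.
    """
    fp = fn = 0
    for _source, failures, is_attack in events:
        alerted = failures >= threshold
        if alerted and not is_attack:
            fp += 1          # alarm on regular user activity
        elif not alerted and is_attack:
            fn += 1          # attack happened, no alarm
    return fp, fn


def sweep(candidates, events=EVENTS):
    """Return [(threshold, false_positives, false_negatives), ...]."""
    return [(t, *evaluate(t, events)) for t in candidates]


def pick_threshold(candidates, events=EVENTS):
    """Prefer the fewest false negatives first, then the fewest false positives."""
    def cost(t):
        fp, fn = evaluate(t, events)
        return (fn, fp)
    return min(candidates, key=cost)


if __name__ == "__main__":
    candidates = [1, 3, 5, 7, 10]
    for t, fp, fn in sweep(candidates):
        print(f"threshold={t:>2}  false_positives={fp}  false_negatives={fn}")
    print("chosen threshold:", pick_threshold(candidates))
```

Lowering the threshold removes missed attacks at the cost of more alarms on ordinary activity; raising it does the opposite, so tuning means finding the point where no labelled attack is missed and the remaining false alarms are few enough to keep the alerts trusted.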
Some triggering mechanisms
To protect your system, the IDS should generate alarms whenever it detects intrusive activity. There are different alarm triggers depending on the type of network activity. However, the two most popular triggering mechanisms are anomaly detection and misuse detection.
Apart from employing a triggering mechanism, the IDS must also watch for intrusive activity at certain points within the network. This monitoring usually takes place at the host-based or network-based level.
Finally, most intrusion detection systems combine several features in a single network. These are called hybrid systems.