What are intrusion detection systems
Intrusion detection systems monitor network traffic and track suspicious activity in order to alert the network or system administrator. In some deployments the IDS also responds to malicious or anomalous traffic itself, for example by blocking the offending user or source IP address from accessing the network.
These systems come in many forms and detect questionable traffic in different ways. Today you can find network-based (NIDS) and host-based (HIDS) intrusion detection systems. Some IDS identify threats by searching for the signatures of widespread threats, much as anti-virus software spots and guards against malware. Others detect threats by comparing traffic patterns against a baseline and looking for anomalies. Some IDS simply monitor and alert, while others take action in response to a discovered threat.
Network-based systems (NIDS) are placed at one or more specific points in the network to monitor all the traffic passing through. Ideally they would inspect all inbound and outbound activity, but doing so can create a bottleneck and degrade overall network speed.
Host-based systems (HIDS) run on individual devices or hosts on a network. They monitor only the inbound and outbound packets of that device and notify the administrator or users of any suspicious activity detected.
A signature-based system inspects network packets and compares them against signature files, that is, the characteristics of known malicious threats. This works much like most antivirus programs detecting malware. The drawback is the lag between the discovery of a new threat and the availability of a signature for it on the IDS, during which the threat goes undetected.
An anomaly-based IDS monitors network traffic and compares it against an established baseline. The baseline captures what is normal for the network: the bandwidth typically used, the protocols in use, and the devices and ports that usually connect. The IDS notifies the user or administrator whenever it sees traffic that is anomalous or substantially different from this baseline.
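The two detection styles described above, as an added illustration that is not part of the original article: a toy sensor that runs a signature match and a baseline anomaly check over constructed flow records. The flow format, the signature table, the baseline fields and the 5x volume threshold are all assumptions made for this example, not features of any real IDS product.

```python
from collections import namedtuple

# One network flow as a sensor would summarise it (constructed records, not real traffic).
Flow = namedtuple("Flow", "src proto dst_port nbytes payload")

# Constructed signature table: byte patterns standing in for known-bad content.
SIGNATURES = {
    b"UNION SELECT": "sql-injection-probe",
    b"/etc/passwd": "path-traversal-probe",
}

def signature_alerts(flows):
    """Signature-based detection: match each payload against the known patterns."""
    return [(f.src, name) for f in flows
            for pattern, name in SIGNATURES.items() if pattern in f.payload]

def build_baseline(flows):
    """Anomaly baseline: the (protocol, port) pairs seen and the mean bytes per flow."""
    return {
        "services": {(f.proto, f.dst_port) for f in flows},
        "mean_bytes": sum(f.nbytes for f in flows) / len(flows),
    }

def anomaly_alerts(flows, baseline, factor=5.0):
    """Anomaly-based detection: unseen service, or volume far above the baseline mean."""
    alerts = []
    for f in flows:
        if (f.proto, f.dst_port) not in baseline["services"]:
            alerts.append((f.src, "unknown-service"))
        elif f.nbytes > factor * baseline["mean_bytes"]:
            alerts.append((f.src, "high-volume"))
    return alerts

# Constructed "normal" training window: web and DNS only, modest sizes (mean 1030 bytes).
TRAINING_FLOWS = [
    Flow("10.0.0.5", "tcp", 443, 1800, b"GET /index.html"),
    Flow("10.0.0.5", "tcp", 80, 1200, b"GET /status"),
    Flow("10.0.0.6", "udp", 53, 90, b"A? example.com"),
]

# Constructed test window with one case for each detector.
TEST_FLOWS = [
    Flow("10.0.0.9", "tcp", 80, 700, b"GET /item?id=1 UNION SELECT 1"),  # signature hit only
    Flow("10.0.0.7", "tcp", 4444, 300, b"hello"),  # no signature exists; port never in baseline
    Flow("10.0.0.8", "tcp", 443, 90000, b"PUT /upload"),  # known service, far above mean size
]

if __name__ == "__main__":
    baseline = build_baseline(TRAINING_FLOWS)
    for alert in signature_alerts(TEST_FLOWS) + anomaly_alerts(TEST_FLOWS, baseline):
        print("ALERT", *alert)
```

The port-4444 flow shows the signature gap the text describes: with no signature for it, only the baseline comparison raises an alert, and a legitimate new service would trigger the same unknown-service alert, which is the false-alarm trade-off of anomaly detection.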
All in all, intrusion detection systems are valuable tools for proactively monitoring and protecting your network from malicious activity, but they are also prone to false alarms. An IDS should be properly configured to distinguish normal from malicious traffic, and as the user or administrator you should know how to respond effectively to its alerts.