An Intrusion Detection System (IDS), as its name suggests, is used to detect network anomalies.
It is nothing but a combination of software and hardware used for network and host monitoring. If you are a network administrator and you regularly check your server logs, workstation login details and/or firewall access logs, then you are already doing intrusion detection.
An IDS is made to assist you in this process. It comes in two types of devices: Network Based and Host Based.
A Network Based IDS comprises a sniffer engine as the component that captures network packets on a subnet. The sniffer is a network tap connected to a particular network segment through a network interface in promiscuous mode. It captures and retains the packets, which are then sent to an analyzing engine for analysis.
A Network Based IDS can consist of many sniffer taps connected to various segments of your network. They collect the network packet information and send it all back to the analyzing engine for one-stop analysis.
The analyzing engine operates by comparing the packet information to known network misuse patterns and decides whether there is any potential danger of network attack.
The IDS relies on network attack signature files that guide the analyzing engine in its lookup. So it works like an anti-virus program: if your pattern file is smart, it works smart; if it is dumb, it does not work either. You therefore need to constantly update and refine the pattern file according to your unique network traffic pattern and usage.
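To make the sniffer-tap / analyzing-engine / pattern-file split concrete, here is an added toy example (not code from the original post or from any IDS product): constructed packet records stand in for what the taps hand back, a constructed signature list stands in for the pattern file, and the last packet is a benign request that still trips a loose signature, which is exactly the kind of false positive that forces you to refine the pattern file for your own traffic.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    name: str
    proto: str                # "tcp" or "udp"
    dst_port: Optional[int]   # None means any destination port
    payload_re: str           # regex applied to the decoded payload

# Constructed "pattern file". A dumb file is one with too few or too
# loose entries; tuning the IDS means editing this list.
SIGNATURES = [
    Signature("shell-cmd-in-http", "tcp", 80, r"(?i)/bin/sh|cmd\.exe"),
    Signature("sql-tautology", "tcp", 80, r"(?i)'\s*or\s+'?1'?\s*=\s*'?1"),
    Signature("dns-long-label", "udp", 53, r"[A-Za-z0-9]{40,}"),
]

# Constructed packets as two sniffer taps ("dmz", "lan") might collect them.
PACKETS = [
    {"tap": "dmz", "src": "198.51.100.7", "proto": "tcp", "dport": 80,
     "payload": "GET /index.html HTTP/1.1"},
    {"tap": "dmz", "src": "198.51.100.9", "proto": "tcp", "dport": 80,
     "payload": "GET /login?user=a' OR '1'='1 HTTP/1.1"},
    {"tap": "lan", "src": "10.0.0.5", "proto": "udp", "dport": 53,
     "payload": "a" * 48 + ".example.net"},
    # Benign documentation download that a loose signature flags anyway.
    {"tap": "dmz", "src": "198.51.100.12", "proto": "tcp", "dport": 80,
     "payload": "GET /docs/cmd.exe-reference.html HTTP/1.1"},
]

def analyze(packets, signatures):
    """Analyzing engine: compare every packet against every signature
    and return one alert record per match."""
    alerts = []
    for pkt in packets:
        for sig in signatures:
            if sig.proto != pkt["proto"]:
                continue
            if sig.dst_port is not None and sig.dst_port != pkt["dport"]:
                continue
            if re.search(sig.payload_re, pkt["payload"]):
                alerts.append({"tap": pkt["tap"], "src": pkt["src"], "sig": sig.name})
    return alerts

if __name__ == "__main__":
    for alert in analyze(PACKETS, SIGNATURES):
        print(alert)
```

With an empty signature list the same packets produce no alerts at all, which is the "dumb pattern file" failure mode the text describes.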
A Host Based Intrusion Detection device works by running on the host itself (usually a server, but you can use it on a particular suspicious workstation) and analysing the host with the Host Based IDS software.
The drawback of Host Based IDS is thus the unavoidable modification of the host (because you have to install the IDS software on it), and you need different versions of the IDS software for hosts running different operating systems.
But a Host Based IDS can be made to conduct more precise monitoring of host-related suspicious activities, and it also achieves a higher level of monitoring (at the application level) than a Network Based IDS.
There are many myths about IDS. Let’s talk more about this later.
One Response to 'Intrusion Detection System - is it truly automatic?'
[...] In case you are unfamiliar with IDSs, refer to my posts here: http://www.bestinternetsecurity.net/19/ http://www.bestinternetsecurity.net/18/ [...]