What is an Intrusion Detection System? – An Intrusion Detection System (IDS) inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.
The IDS checks traffic for signatures that match known intrusion patterns and raises an alarm when a match is found.
How IDS Works
Ways To Detect an Intrusion
Signature Recognition
Also known as misuse detection, signature recognition tries to identify events that indicate misuse of a system resource.
Anomaly Detection
It detects intrusions based on the fixed behavioral characteristics of the users and components in a computer system.
Protocol Anomaly Detection
In this type of detection, models are built to explore anomalies in the way vendors deploy the TCP/IP specification.
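The three detection approaches above, worked through in one added Python example that is not part of the original post. Signature recognition matches regexes for known misuse patterns against sshd log lines; anomaly detection counts failed logins per source address and flags sources that deviate from an assumed baseline; protocol anomaly detection checks a TCP flag byte for combinations a conforming TCP stack never emits. The log lines, the baseline numbers and the rule names are all constructed for this example.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the original post): syslog-style sshd events.
SAMPLE_LOG = """\
Mar 10 08:01:12 host sshd[2001]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Mar 10 08:02:30 host sshd[2002]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2
Mar 10 08:02:31 host sshd[2003]: Failed password for invalid user admin from 203.0.113.9 port 41001 ssh2
Mar 10 08:02:32 host sshd[2004]: Failed password for invalid user root from 203.0.113.9 port 41002 ssh2
Mar 10 08:02:33 host sshd[2005]: Failed password for invalid user test from 203.0.113.9 port 41003 ssh2
Mar 10 08:02:34 host sshd[2006]: Failed password for invalid user guest from 203.0.113.9 port 41004 ssh2
Mar 10 08:05:00 host sshd[2007]: Failed password for bob from 10.0.0.7 port 50200 ssh2
Mar 10 08:05:10 host sshd[2008]: Accepted password for bob from 10.0.0.7 port 50201 ssh2
Mar 10 08:07:45 host sshd[2009]: Did not receive identification string from 198.51.100.23 port 3311
Mar 10 08:07:46 host sshd[2010]: Did not receive identification string from 198.51.100.23 port 3312
"""

# --- Signature recognition (misuse detection) ---------------------------------
# Each rule is a regex for a known misuse pattern; rule names are assumptions for this example.
# The last capture group of every rule is the source address.
SIGNATURES = {
    "invalid_user_login": re.compile(r"Failed password for invalid user (\S+) from (\S+)"),
    "service_probe": re.compile(r"Did not receive identification string from (\S+)"),
}


def signature_matches(log_text, signatures=SIGNATURES):
    """Return (rule_name, source_ip) for every log line that matches a known signature."""
    hits = []
    for line in log_text.splitlines():
        for name, pattern in signatures.items():
            m = pattern.search(line)
            if m:
                hits.append((name, m.group(m.lastindex)))
    return hits


# --- Anomaly detection (behavioural baseline) ---------------------------------
FAILED_LOGIN = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+)")


def failed_logins_per_source(log_text):
    """Count failed logins by source address: the behaviour the anomaly model tracks."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def anomalous_sources(log_text, baseline_failures=1, tolerance=3):
    """Flag sources whose failed-login count exceeds the baseline by more than `tolerance`.

    `baseline_failures` is the number of failures a legitimate user is expected to
    produce in the window. Both numbers are constructed for this example; a real
    deployment learns them from historical data per user, host and time of day.
    """
    counts = failed_logins_per_source(log_text)
    return sorted(src for src, n in counts.items() if n - baseline_failures > tolerance)


# --- Protocol anomaly detection (TCP flag byte) -------------------------------
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def tcp_flags_anomalous(flags):
    """True for flag combinations that no conforming TCP implementation sends."""
    if flags & TCP_SYN and flags & TCP_FIN:  # open and close in the same segment
        return True
    if flags & TCP_SYN and flags & TCP_RST:  # open and abort in the same segment
        return True
    if flags == 0:  # "null" segment with no flags set at all
        return True
    return False


if __name__ == "__main__":
    for rule, src in signature_matches(SAMPLE_LOG):
        print(f"signature {rule} from {src}")
    print("anomalous sources:", anomalous_sources(SAMPLE_LOG))
    print("SYN+FIN anomalous:", tcp_flags_anomalous(TCP_SYN | TCP_FIN))
```

The signature rules only fire on what they already describe, so the `bob` failures (a legitimate user mistyping once) produce no signature hit and stay under the anomaly threshold, while the same two functions catch the user-enumeration burst from 203.0.113.9 and the connection probes from 198.51.100.23 in different ways: the first by pattern, the second by count.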
General Indication of Network Intrusions
Repeated probes of the available services on your machines.
Connections from unusual locations.
Repeated login attempts from remote hosts.
Arbitrary data in log files, indicating attempts to cause a DoS or to crash a service.
General Indications of System Intrusions
Short or incomplete logs.
Unusual graphic displays or text messages.
Unusually slow system performance.
Modifications to system software and configuration files.
Missing logs or logs with incorrect permissions or ownership.
System crashes or reboots.
Gaps in the system accounting.
Types of Intrusion Detection Systems
Network-Based IDS
These mechanisms typically consist of a black box that is placed on the network in promiscuous mode, listening for patterns indicative of an intrusion.
It detects malicious activity such as DoS attacks, port scans or even attempts to break into computers by monitoring network traffic.
Host-Based IDS
These mechanisms usually include auditing for events that occur on a specific host.
These are not as common, due to the overhead they incur by having to monitor each system event.
System Integrity Verifiers (SIV)
System Integrity Verifiers detect changes in critical system components, which helps in detecting system intrusions.
SIVs compare a snapshot of the file system with an existing baseline snapshot.
Example: Tripwire.