What is Intrusion Detection System?

An Intrusion Detection System (IDS) inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.

The IDS checks traffic for signatures that match known intrusion patterns, and signals an alarm when a match is found.

How IDS Works

Ways To Detect an Intrusion

Signature Recognition

Also known as misuse detection, signature recognition tries to identify events that indicate misuse of a system resource.

Anomaly Detection

It detects intrusions based on the fixed behavioral characteristics of the users and components in a computer system.

Protocol Anomaly Detection

In this type of detection, models are built to explore anomalies in the way vendors deploy the TCP/IP specification.

General Indication of Network Intrusions

Repeated probes of the available services on your machines

Connections from unusual locations.

Repeated login attempts from remote hosts.

Arbitrary data in log files, indicating attempts to cause a DoS or to crash a service.

General Indications of System Intrusions

Short or Incomplete logs

Unusual graphic displays or text messages.

Unusually slow system performance

Modifications to system software and configuration files.

Missing logs or logs with incorrect permissions or ownership.

System crashes or reboots

Gaps in the system accounting

Types of Intrusion Detection Systems

Network-Based IDS

These mechanisms typically consist of a black box that is placed on the network in the promiscuous mode, listening for patterns indicative of an intrusion.

It detects malicious activity such as DoS attacks, port scans or even attempts to crack into computers by monitoring network traffic.

Host-Based IDS

These mechanisms usually include auditing for events that occur on a specific host.

These are not as common, due to the overhead they incur by having to monitor each system event.

System Integrity Verifiers (SIV)

System Integrity Verifiers detect changes in critical system components which help in detecting system intrusions.

SIVs compare a snapshot of the file system with an existing baseline snapshot.

Example: Tripwire
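The baseline comparison an SIV performs, as an added example (not code from the original page, and not how Tripwire itself is implemented). The function names `snapshot`, `compare` and `demo` and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, mode bits, uid, gid)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):  # regular files only, no symlinks or devices
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[os.path.relpath(path, root)] = (
                    digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def compare(baseline, current):
    """Classify every path that differs between the two snapshots."""
    report = {"added": [], "removed": [], "content": [], "metadata": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel][0] != current[rel][0]:
            report["content"].append(rel)      # hash differs
        elif baseline[rel][1:] != current[rel][1:]:
            report["metadata"].append(rel)     # same bytes, new mode or owner
    return report

def demo():
    """Constructed sample tree: baseline it, change it, then compare."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, body):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), 0o644)
        put("sshd_config", "PermitRootLogin no\n")
        put("passwd", "root:x:0:0\n")
        put("auth.log", "boot\n")
        baseline = snapshot(root)
        put("sshd_config", "PermitRootLogin yes\n")      # modified configuration
        os.chmod(os.path.join(root, "passwd"), 0o666)    # changed permissions
        os.remove(os.path.join(root, "auth.log"))        # missing log
        put("cron.extra", "* * * * * job\n")             # unexpected new file
        return compare(baseline, snapshot(root))
```

Calling `demo()` returns the report for the constructed tree. In real use the baseline has to be stored where the monitored host cannot rewrite it, otherwise an intruder can update the baseline along with the files.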
