What is Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is a security software or hardware device that inspects all inbound and outbound network traffic for suspicious patterns that may indicate a network or system security breach.

The IDS checks traffic for signatures that match known intrusion patterns, and signals an alarm when a match is found.

Depending on the traffic to be monitored, the IDS is placed outside/inside the firewall to monitor suspicious traffic originating from outside/inside the network.

Main Functions of IDS:

  • An IDS gathers and analyzes information from within a computer or a network to identify possible violations of security policy, including unauthorized access as well as misuse.
  • An IDS is also referred to as a “packet-sniffer”, which intercepts packets travelling along various communication mediums and protocols, usually TCP/IP.
  • The packets are analyzed after they are captured.
  • An IDS evaluates traffic for suspected intrusions and signals an alarm after detection.

Where Does the IDS Reside in the Network?

One of the most common places to deploy an IDS is near the firewall. Depending on the traffic to be monitored, the IDS is placed outside/inside the firewall to monitor suspicious traffic originating from outside/inside the network. Placed inside, the IDS is ideally located near a DMZ; however, the best practice is to use a layered defense by deploying one IDS in front of the firewall and another one behind the firewall in the network.

Before deploying the IDS, it is essential to analyze the network topology, understand how the traffic flows to and from the resources that an attacker can use to gain access to the network, and identify the critical components that are possible targets of many of the attacks against the network. Even once the position of the IDS in the network has been decided, it must be configured to maximize the effectiveness of network protection.

How Does an IDS Work?

The primary purpose of the IDS is to recognize and provide real-time monitoring of intrusions. Additionally, reactive IDSs and IPSs can intercept, respond to, and/or prevent intrusions.

An IDS works in the following way:

  • IDSs have sensors to detect malicious signatures in data packets, and some advanced IDSs have behavioral activity detection to determine malicious traffic behavior. Even if the packet signatures do not match perfectly with the signatures in the IDS signature database, the activity detection system can alert administrators about possible attacks.
  • If the signature matches, the IDS performs predefined actions such as terminating the connection, blocking the IP address, dropping the packet, and/or signalling an alarm to notify the administrator.
  • When a signature matches, anomaly detection is skipped; otherwise, the sensor may analyze traffic patterns for an anomaly.
  • When the packet passes all tests, the IDS will forward it into the network.

The administrator must also be able to identify the methods and techniques used by the intruder and the source of the attack.
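The decision flow listed above (signature match, then anomaly detection only when no signature matched, then forwarding) can be sketched as follows. This is an added example, not code from the original page or from any IDS product; the signature patterns, the `RATE_LIMIT` threshold, the `Sensor` class and the sample packets are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed signature database (illustrative patterns, not a real rule set).
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-tautology": re.compile(rb"(?i)'\s*or\s+1\s*=\s*1"),
}
RATE_LIMIT = 3  # assumed anomaly threshold: max packets per source per window

class Sensor:
    def __init__(self):
        self.seen = defaultdict(int)  # packets per source in the current window
        self.blocked = set()          # sources blocked by an earlier action
        self.alerts = []              # what the administrator is notified of

    def inspect(self, src, payload):
        """Return 'drop' or 'forward' for one packet, recording any alert."""
        if src in self.blocked:
            return "drop"
        # Stage 1: signature matching. On a hit, act and skip anomaly detection.
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                self.blocked.add(src)
                self.alerts.append((src, "signature", name))
                return "drop"
        # Stage 2: anomaly detection, reached only when no signature matched.
        self.seen[src] += 1
        if self.seen[src] > RATE_LIMIT:
            self.alerts.append((src, "anomaly", "rate"))
            return "drop"
        # Stage 3: the packet passed all tests.
        return "forward"

def run(packets):
    sensor = Sensor()
    verdicts = [sensor.inspect(src, data) for src, data in packets]
    return verdicts, sensor.alerts

# Constructed sample traffic (documentation-range addresses).
SAMPLE = [
    ("192.0.2.10", b"GET /index.html"),
    ("192.0.2.66", b"GET /../../etc/passwd"),
    ("192.0.2.66", b"GET /index.html"),
] + [("198.51.100.7", b"GET /login")] * 4

if __name__ == "__main__":
    for (src, _), verdict in zip(SAMPLE, run(SAMPLE)[0]):
        print(src, verdict)
```

Each alert records the source address and the rule or check that fired, which is the information the administrator needs to trace the technique used and where the attack came from.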
