What is Intrusion Detection System: Tech Files

0
256
intrusion detection system

        Intrusion Detection System

 

You don’t like getting Hacked. Do you? As you may have anti-viruses for your home network, you could have Intrusion Detection System for your more important networks. As the name suggests, an Intrusion Detection System commonly termed as IDS is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to management stations.

Functions of Intrusion Detection Systems are:

  • Monitoring and analyzing both user and system activities.
  • Analyzing system configurations and vulnerabilities.
  • Assessing system and file integrity.
  • Ability to recognize typical patterns of attacks.
  • Analysis of abnormal activity patterns.
  • Tracking user policy violations.

 

There are network based (NIDS) and host based (HIDS) intrusion detection systems.

Network Intrusion Detection Systems:

Network Intrusion Detection Systems are used to check all the traffic to and from all devices on the network. It performs an analysis of passing traffic on the entire subnet, and matches the traffic with the library of known attacks. Once an attack is identified or unusual behaviour is detected, the alert can be sent to the administrator. On-line NIDS deals with the network in real time while Off-line NIDS deals with a stored data and pass it on detection  softwares to decide if it is an attack or not.

Host Intrusion Detection Systems:

Host Intrusion Detection Systems run on individual hosts or devices on the network. It performs analysis of traffic inbound and outbound from the device only and alert the user or administrator if suspicious activity is detected.

 

Limitations:

 

  • Noise can severely limit an intrusion detection system’s effectiveness. Bad packets generated from software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate.
  • It is not uncommon for the number of real attacks to be far below the number of false-alarms. Many of the real attacks are often missed and ignored.
  • IDS needs to be constantly updated to fight against new strategies to attack the network.
  • It cannot compensate for a weak identification and authentication mechanisms or for weakness in network protocols.
  • Encrypted packets are not processed by the intrusion detection software and nowadays many of the Hackers are using network encryption to hide their traffic.

 

 

Some Free IDS are:

 

  • ACARM-ng
  • Bro NIDS
  • Snort
  • Prelude Hybrid IDS

LEAVE A REPLY