Wednesday 1 November 2017

Intrusion Detection


An intrusion detection system (IDS) is a system capable of analyzing real-time and delayed events in a computer system. Its job is to detect overflows and other visible signs of attacks and to generate alerts, so that actions and procedures can be taken to protect information systems. It is a vital part of any information system, as it allows you to guard your network against potential threats and vulnerabilities.


With threats of security breaches and similar vulnerabilities advancing at lightning speed, an IDS is an indispensable tool for any computer or information system user for managing potential intrusions. System intruders can be any individual or group of individuals attempting to either access or prevent access to data. They can pose internal or external threats that can be extremely disruptive to your network or system. A properly deployed intrusion detection system will ensure fast identification of the methods or types of threats these intruders pose, while providing intelligent alerts about the threat and the potential actions to take against it. There are even advanced IDS programs that are designed to stop intrusions as they happen. These systems also analyze how the intrusion was made possible, which in turn enables them to deny similar exploitation in the future.

IDS sensors fall under three major types, namely (1) host-based, (2) network-based, and (3) hybrid. Host-based programs are deployed on individual hosts. They monitor packets that are directed at the host's system or the processes inside it. Network-based programs, on the other hand, use network cards in promiscuous mode and perform analysis of all packets on a particular network segment. These programs can monitor an entire network or several systems, depending on their area of deployment as well as the network's topology. Hybrid sensors offer the capabilities of both network-based and host-based sensors.