What is an IDS or Intrusion Detection System?
An Intrusion Detection System, or IDS, is a device or software application that monitors network or system activities and sends timely alerts to system administrators. An IDS monitors both inbound and outbound traffic or activities to detect possible intrusions.
What are the different types of Intrusion Detection Systems?
IDS can be of two types:
- Network Intrusion Detection Systems
- Host Intrusion Detection Systems
What are Network Intrusion Detection Systems (NIDS)?
Network Intrusion Detection Systems, or NIDS, are placed at certain points within the network so that they can monitor all the traffic to and from all the devices on the network. A NIDS maintains a library of known attacks and continuously analyses the passing inbound and outbound traffic. If any traffic matches an entry in the library of known attacks, or any abnormal behavior is sensed, an alert is sent to the administrator. Sometimes a NIDS is placed in the subnet near the firewall to detect whether anyone is trying to break through the firewall. A NIDS can also compare signatures of similar packets and detect harmful packets that match any recorded signature.
What are Host Intrusion Detection Systems (HIDS)?
Unlike NIDS, Host Intrusion Detection Systems, or HIDS, monitor individual hosts or devices on the network. A HIDS inspects all the inbound and outbound packets of the device and alerts the administrator on suspicious activity. It can also take a snapshot of system files at certain intervals and compare it with the previous snapshot to see whether any critical file was modified or deleted, alerting the administrator when required.
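The snapshot-and-compare check described above, as an added example that is not from the original page: a minimal Python file-integrity monitor in the style of a HIDS. It hashes every file under a directory to form a baseline, re-hashes later, and reports modified, deleted and added files. The directory tree and its contents are constructed in a temporary folder so the example runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative POSIX path: SHA-256 hex digest} for every regular file under root."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(baseline, current):
    """Classify differences between two snapshots, as a HIDS integrity check would."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "deleted": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: take a baseline, alter the tree, then re-check it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")          # constructed
        (root / "etc" / "motd").write_text("Welcome to the constructed host\n")  # constructed
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"constructed stand-in binary")       # constructed
        baseline = snapshot(root)

        # Changes between two snapshot intervals that a HIDS should flag
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 extra\n")  # modified
        (root / "etc" / "motd").unlink()                                             # deleted
        (root / "bin" / "helper").write_bytes(b"another constructed stand-in")       # added

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real HIDS would store the baseline outside the monitored host (or sign it) so an intruder who alters a file cannot also rewrite the recorded digest.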
How is an IDS different from a firewall?
A firewall monitors all inbound and outbound traffic of a network and detects possible intrusion attempts based on information such as IP address, port number and the protocols used. Firewalls can block malicious traffic. An IDS, in contrast, detects intrusions by comparing the traffic against signatures of known malicious threats or by comparing system activities against a baseline of known behavior, and alerts the system administrator if there is an intrusion attempt. Depending on the configuration, it can also prevent intrusions, in which case it acts as an Intrusion Prevention System (IPS).