Intrusion Detection Systems (IDS) - Cloud Network


Tuesday, April 2, 2019

Intrusion Detection Systems (IDS)


What is an intrusion detection system (IDS)?
An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise an information system through malicious activities or through security policy violations.


An IDS works by monitoring system activity: it examines vulnerabilities in the system, checks the integrity of files, and analyzes activity for patterns based on already known attacks. It also automatically monitors the Internet for the latest threats that could result in a future attack.


What are the different types of intrusion detection systems?
1.  Active and Passive IDS (APIDS).
2.  Network intrusion detection systems (NIDS).
3.  Host intrusion detection systems (HIDS).


1.  Active (AIDS)
An active intrusion detection system (IDS) is also known as an Intrusion Detection and Prevention System (IDPS). An IDPS is configured to automatically block suspected attacks without any intervention required by an operator. It has the advantage of providing real-time corrective action in response to an attack.

Passive (PIDS)
A passive IDS is a system that’s configured to only monitor and analyze network traffic activity and alert an operator to potential vulnerabilities and attacks. A passive IDS is not capable of performing any protective or corrective functions on its own.
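
The difference between the two modes, as an added example that is not code from the original post: a toy signature check run over constructed log lines. The function name `run_ids`, the log format and the threshold of three failed logins are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample auth-log lines (not real traffic). The addresses come
# from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges.
SAMPLE_LOG = [
    "Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Accepted password for alice from 198.51.100.4 port 40022 ssh2",
    "Failed password for admin from 203.0.113.7 port 50123 ssh2",
    "Failed password for root from 203.0.113.7 port 50124 ssh2",
    "Failed password for root from 203.0.113.7 port 50125 ssh2",
    "Failed password for bob from 198.51.100.4 port 40023 ssh2",
]

SOURCE = re.compile(r" from (\d{1,3}(?:\.\d{1,3}){3}) ")
THRESHOLD = 3  # assumed signature: 3 failed logins from one source address


def run_ids(lines, active):
    """Return (alerts, blocked, dropped) after processing the log lines.

    Passive mode only raises alerts for an operator. Active mode (IDPS) also
    adds the source to a block list and drops its later events on its own.
    """
    failures, alerts, blocked, dropped = Counter(), [], set(), 0
    for line in lines:
        match = SOURCE.search(line)
        src = match.group(1) if match else None
        if src in blocked:
            dropped += 1  # active response: the event is dropped, not analysed
            continue
        if src is None or not line.startswith("Failed password"):
            continue  # line does not match the known-attack pattern
        failures[src] += 1
        if failures[src] == THRESHOLD:
            alerts.append(f"ALERT repeated failed logins from {src}")
            if active:
                blocked.add(src)  # corrective action without operator input
    return alerts, blocked, dropped


if __name__ == "__main__":
    for mode in (False, True):
        print("active" if mode else "passive", run_ids(SAMPLE_LOG, mode))
```

Both modes raise the same alert; only the active run ends with a non-empty block list and a dropped event.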


2.  Network Intrusion detection systems (NIDS).
A network intrusion detection system (NIDS) usually consists of a network appliance (or sensor) with a Network Interface Card (NIC) operating in promiscuous mode and a separate management interface. The IDS is placed along a network segment or boundary and monitors all traffic on that segment.


3.  Host Intrusion detection systems (HIDS).
A host intrusion detection system (HIDS) consists of software applications (agents) installed on the workstations that are to be monitored. The agents monitor the operating system and write data to log files and/or trigger alarms. A HIDS can only monitor the individual workstations on which the agents are installed; it cannot monitor the entire network. Host-based IDS systems are used to monitor any intrusion attempts on critical servers.

The drawbacks of Host Intrusion Detection Systems (HIDS) are:

• It is difficult to analyse intrusion attempts across multiple computers.

• Host Intrusion Detection Systems (HIDS) can be very difficult to maintain in large networks with different operating systems and configurations.

• Host Intrusion Detection Systems (HIDS) can be disabled by attackers after the system is compromised.