Intrusion detection systems

An intrusion detection system (IDS) is a device or software application that monitors network or system activity for malicious behavior or policy violations and produces reports to a management station.

Intrusion detection (ID) is a type of security management system for computers and networks.

An intrusion detection system gathers and analyzes information from various areas within a computer or a network to identify possible security threats, which include both attacks from outside the organization and misuse (attacks from within the organization).

IDS scanning, also known as vulnerability assessment, is a technology developed to assess the security of a computer system or network.

Intrusion detection functions include:

  1. Monitoring and analyzing both user and system activities
  2. Analyzing system configurations and vulnerabilities
  3. Assessing system and file integrity
  4. Ability to recognize patterns typical of attacks
  5. Analysis of abnormal activity patterns
  6. Tracking user policy violations

There are two main types of intrusion detection system:

  1. Network-based intrusion detection systems (NIDS)
  2. Host-based intrusion detection systems (HIDS)

Typically, an IDS follows a two-step process. The first procedures are host-based and are considered the passive component. These include: inspection of the system's configuration files to detect inadvisable settings; inspection of the password files to detect inadvisable passwords; and inspection of other system areas to detect policy violations.

The second procedures are network-based and are considered the active component: mechanisms are set in place to find known methods of attack and to record system responses.
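The host-based (passive) step described above can be illustrated with a small audit script. This is an added example, not code from the original page: the sample file contents are constructed, the policy table and function names are assumptions, and `Match` blocks in `sshd_config` are not handled.

```python
# Constructed sample inputs (not taken from any real host).
SSHD_CONFIG = """\
# constructed sshd_config
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:0:0::/var/backup:/bin/sh
"""
SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
"""

# Example policy (an assumption): lower-cased option -> value treated as inadvisable.
INADVISABLE_SSHD = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}

def check_sshd(text):
    """Flag inadvisable settings; sshd uses the first value given for a keyword."""
    findings, seen = [], set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) != 2 or parts[0].lower() in seen:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        seen.add(key)
        if INADVISABLE_SSHD.get(key) == value:
            findings.append(f"sshd_config: {parts[0]} {value}")
    return findings

def check_accounts(passwd, shadow):
    """Flag extra UID 0 accounts and accounts whose password field is empty."""
    findings = []
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2] == "0" and f[0] != "root":
            findings.append(f"passwd: {f[0]} has UID 0")
    for line in shadow.splitlines():
        f = line.split(":")
        if len(f) >= 2 and f[1] == "":
            findings.append(f"shadow: {f[0]} has an empty password field")
    return findings

def host_audit():
    return check_sshd(SSHD_CONFIG) + check_accounts(PASSWD, SHADOW)
```

On the constructed inputs, `host_audit()` reports the root-login setting, the second UID 0 account, and the account with an empty password field, while the locked account (`!`) is not flagged.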
