Intrusion detection systems
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
Intrusion detection (ID) is a type of security management system for computers and networks.
An intrusion detection system gathers and analyzes information from various areas within a computer or a network to identify possible security threats, which include both attacks from outside the organization and misuse (attacks from within the organization).
IDS scanning, also known as vulnerability assessment, is a technology developed to assess the security of a computer system or network.
Intrusion detection functions include:
- Monitoring and analyzing both user and system activities
- Analyzing system configurations and vulnerabilities
- Assessing system and file integrity
- Ability to recognize patterns typical of attacks
- Analysis of abnormal activity patterns
- Tracking user policy violations
There are two main types of intrusion detection system:
- Network-based intrusion detection system (NIDS)
- Host-based intrusion detection system (HIDS)
Typically, an IDS follows a two-step process. The first procedures are host-based and are considered the passive component. These include: inspection of the system’s configuration files to detect inadvisable settings; inspection of the password files to detect inadvisable passwords; and inspection of other system areas to detect policy violations.
The second procedures are network-based and are considered the active component: mechanisms are set in place to find known methods of attack and to record system responses.
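The host-based, passive step described above can be illustrated with a small added example (not code from the original page). It assumes an OpenSSH-style configuration file and Unix passwd/shadow formats; the policy table, function names and sample file contents are constructed for illustration.

```python
# Constructed sample inputs, not taken from a real host.
SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
PermitRootLogin no
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0::/root:/bin/sh
"""
SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
alice::19000:0:99999:7:::
toor:!:19000:0:99999:7:::
"""
# Assumed policy: values this example treats as inadvisable.
INADVISABLE = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}

def check_sshd_config(text):
    """Return (line_no, setting) for each inadvisable effective setting."""
    findings, seen = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key in seen:  # sshd uses the first value given for a keyword
            continue
        seen.add(key)
        if INADVISABLE.get(key) == value:
            findings.append((n, f"{parts[0]} {value}"))
    return findings

def check_accounts(passwd_text, shadow_text):
    """Flag empty password fields and non-root accounts with UID 0."""
    findings = []
    for line in shadow_text.splitlines():
        f = line.split(":")
        if len(f) >= 2 and f[1] == "":
            findings.append((f[0], "empty password"))
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2] == "0" and f[0] != "root":
            findings.append((f[0], "UID 0 but not root"))
    return findings

if __name__ == "__main__":
    print(check_sshd_config(SSHD_CONFIG), check_accounts(PASSWD, SHADOW))
```

The later `PermitRootLogin no` line does not clear the finding, because the earlier `yes` is the value that takes effect.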