Defending against technological attacks has become more difficult nowadays. Although many security services are available, a combination of multiple security layers is better than relying on a single one or none at all. More computers, sites and networks are being attacked, and information security systems are developed in response to these attackers. This is where the Intrusion Detection System comes in.
What is an Intrusion Detection System?
An Intrusion Detection System, or IDS, is a combination of hardware and software that detects internal and external attacks through real-time monitoring. It also analyzes system configuration and weaknesses, checks file integrity, and can track user policy violations. It is used to guard data and network activity so that the necessary actions can be taken in response to any intrusion that could compromise computers and networks. This strengthens data confidentiality and authenticity and protects against malicious activity.
Intrusion detection provides the following:
- Audit of the operating system
- Audit of system configurations and vulnerabilities
- Audit of the integrity of critical system and data files
- Analysis of abnormal activity
- Monitoring and analysis of user and system activity
- Statistical analysis of activity patterns, matching them against known attacks
There are two techniques or approaches to intrusion detection:
Anomaly Detection – This approach monitors network traffic and compares it against a baseline of what is normal for that network, in order to identify which activity is anomalous or malicious. It judges traffic by attributes such as bandwidth usage, the protocols used, the ports involved, and which devices connect to each other.
Signature or Misuse Detection – This approach uses a database of known malware patterns, or signatures, and flags activity that matches the attributes of a saved threat. However, a newly discovered threat that has no signature yet will not be detected by this approach.
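As an added example (not code from the original article), the following Python script applies both approaches above to a handful of constructed traffic flow records. Signature detection matches each record against a small, made-up signature list; anomaly detection trains on "normal" flows and then flags records whose byte volume or destination port is unlike the baseline. The flows, signatures, port numbers and the 3-sigma threshold are all assumptions chosen for illustration, and the last sample flow shows the blind spot described above: an attack with no signature and normal-looking volume passes both detectors.

```python
"""Added example: toy signature + anomaly intrusion detection over constructed flows."""
import re
import statistics
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    port: int
    proto: str
    nbytes: int
    payload: str = ""


# Constructed signature database (assumption): name -> (port, regex on payload)
SIGNATURES = {
    "shell-metacharacters-in-http": (80, re.compile(r"[;|`]")),
    "directory-traversal": (80, re.compile(r"\.\./")),
}


def signature_detect(flow):
    """Misuse detection: return the names of signatures the flow matches."""
    return [
        name
        for name, (port, pattern) in SIGNATURES.items()
        if flow.port == port and pattern.search(flow.payload)
    ]


class AnomalyDetector:
    """Anomaly detection: flag flows far from the trained baseline."""

    def __init__(self, threshold_sigma=3.0):
        self.threshold_sigma = threshold_sigma
        self.mean = None
        self.stdev = None
        self.known_ports = set()

    def train(self, normal_flows):
        sizes = [f.nbytes for f in normal_flows]
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.pstdev(sizes) or 1.0  # avoid division by zero
        self.known_ports = {f.port for f in normal_flows}

    def score(self, flow):
        """Distance of this flow's byte volume from the baseline, in standard deviations."""
        return abs(flow.nbytes - self.mean) / self.stdev

    def detect(self, flow):
        reasons = []
        if self.score(flow) > self.threshold_sigma:
            reasons.append("byte-volume-outlier")
        if flow.port not in self.known_ports:
            reasons.append("unseen-port")
        return reasons


def analyze(flows, detector):
    """Run both detectors over each flow and return the verdicts side by side."""
    return [
        {"flow": f, "signature": signature_detect(f), "anomaly": detector.detect(f)}
        for f in flows
    ]


# Constructed "normal" traffic used to train the anomaly detector (assumption).
BASELINE = [
    Flow("10.0.0.2", "10.0.0.1", 80, "tcp", n) for n in (1000, 1100, 900, 1050, 950)
] + [
    Flow("10.0.0.3", "10.0.0.1", 443, "tcp", n) for n in (1000, 1200, 800, 1000, 1000)
]

# Constructed flows to inspect (assumption).
SAMPLE_FLOWS = [
    Flow("10.0.0.2", "10.0.0.1", 80, "tcp", 1050, "GET /index.html HTTP/1.1"),
    Flow("10.0.0.9", "10.0.0.1", 80, "tcp", 980, "GET /../../etc/passwd HTTP/1.1"),
    Flow("10.0.0.9", "10.0.0.1", 4444, "tcp", 1000, ""),
    Flow("10.0.0.2", "10.0.0.1", 443, "tcp", 5_000_000, ""),
    Flow("10.0.0.9", "10.0.0.1", 80, "tcp", 1010, "GET /not-yet-in-signature-db HTTP/1.1"),
]


def run_demo():
    detector = AnomalyDetector(threshold_sigma=3.0)
    detector.train(BASELINE)
    return analyze(SAMPLE_FLOWS, detector)


if __name__ == "__main__":
    for r in run_demo():
        print(f"{r['flow'].src}:{r['flow'].port} sig={r['signature']} anomaly={r['anomaly']}")
```

Running the script shows the traversal request caught by its signature, the unseen port and the huge transfer caught by the anomaly detector, and the last request caught by neither, which is why both approaches are usually deployed together.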
There are different types of intrusion detection systems, classified as follows:
A Network Intrusion Detection System, or NIDS, is placed along network segments or at chosen points and monitors the traffic moving to and from the systems there. It covers the devices on the network or subnetwork, but because of the volume of traffic it inspects, it can affect the speed of the network.
A Host Intrusion Detection System, or HIDS, monitors the incoming and outgoing packets of an individual host, usually a server, and also monitors its hard drive. This lets it detect malicious changes to the host's activity and content. It requires an agent, a small program, to be installed on each individual system. It only monitors that host and not the entire network.
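As an added example (not code from the original article), here is the file-integrity part of what a HIDS agent does on the host it runs on: it records a SHA-256 baseline of a directory tree and later reports every file that was modified, added or removed. The directory layout, file contents and the changes applied are constructed in a temporary folder so the example runs offline; a real agent would store the baseline somewhere an attacker on the host cannot rewrite it.

```python
"""Added example: host-based file-integrity check with a SHA-256 baseline."""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file under root (path relative to root, '/' separators) to its digest."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_of(full)
    return result


def compare(baseline, current):
    """Report the differences between a stored baseline and a fresh snapshot."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def write(root, rel, text, mode="w"):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, mode) as fh:
        fh.write(text)


def run_demo():
    """Build a constructed host tree, take a baseline, change it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        write(root, "etc/hosts", "127.0.0.1 localhost\n")
        write(root, "bin/service", "#!/bin/sh\necho service\n")
        baseline = snapshot(root)

        # Constructed changes that a HIDS should catch (assumption):
        write(root, "etc/passwd", "# edited after baseline\n", mode="a")  # modified
        write(root, "etc/newfile.conf", "option=1\n")                      # added
        os.remove(os.path.join(root, "etc", "hosts"))                       # removed

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

The unchanged `bin/service` does not appear in any list, which is the point of hashing rather than checking timestamps: only content changes are reported.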
A passive IDS monitors and analyzes malicious activity or network traffic and alerts the administrator about it. The action taken to stop any suspicious activity therefore depends on the administrator. A passive IDS only detects and alerts on suspicious activity; it is incapable of taking any preventive or protective measure in response to the malicious activity.
An active IDS, more commonly known as an Intrusion Prevention System or IPS, is designed to automatically block malicious activity or content and does not require the administrator to intervene. It provides a real-time preventive response to the suspected attack and blocks the source, such as an IP address or a user. But because it is automatic and does not require the administrator's intervention, it might block legitimate network traffic when it lacks proper identification or filtering of users or applications; legitimate users may be improperly denied entry to the network.
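As an added example (not code from the original article), the script below contrasts the response side of a passive IDS with that of an active IDS/IPS over constructed alerts. In passive mode every alert is only reported for the administrator to act on. In active mode the source of a high-severity alert is blocked automatically, but two design choices limit the risk of denying legitimate traffic noted above: an allowlist of known legitimate sources (here an internal vulnerability scanner) is never blocked, and blocks expire after a TTL. The alert fields, addresses, severity scale, allowlist and TTL are all assumptions.

```python
"""Added example: passive alerting versus active blocking with an allowlist and block TTL."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    src: str
    rule: str
    severity: int  # constructed scale: 1 (informational) .. 5 (critical)


class ResponseEngine:
    """Decides what happens after a detection, depending on the IDS mode."""

    def __init__(self, mode, allowlist=(), min_block_severity=4, block_ttl=600):
        if mode not in ("passive", "active"):
            raise ValueError("mode must be 'passive' or 'active'")
        self.mode = mode
        self.allowlist = set(allowlist)
        self.min_block_severity = min_block_severity
        self.block_ttl = block_ttl
        self.blocked = {}  # src -> time at which the block expires

    def expire(self, now):
        """Drop blocks whose TTL has passed so a false positive is not permanent."""
        self.blocked = {s: t for s, t in self.blocked.items() if t > now}

    def is_blocked(self, src, now):
        self.expire(now)
        return src in self.blocked

    def handle(self, alert, now):
        """Return (action, source, reason) for one alert."""
        self.expire(now)
        if self.mode == "passive":
            return ("alert", alert.src, "passive IDS: administrator decides")
        if alert.src in self.allowlist:
            return ("alert", alert.src, "allowlisted source, reported but not blocked")
        if alert.severity < self.min_block_severity:
            return ("alert", alert.src, "below automatic block threshold")
        expires = now + self.block_ttl
        self.blocked[alert.src] = expires
        return ("block", alert.src, f"blocked until t={expires}")


# Constructed alerts (assumption). 10.0.0.50 stands in for an internal scanner
# whose activity looks like an attack but is legitimate.
SAMPLE_ALERTS = [
    Alert("203.0.113.7", "directory-traversal", 5),
    Alert("10.0.0.50", "port-scan", 5),
    Alert("198.51.100.3", "unusual-user-agent", 2),
]
ALLOWLIST = {"10.0.0.50"}


def run_demo():
    passive = ResponseEngine("passive")
    active = ResponseEngine("active", allowlist=ALLOWLIST, min_block_severity=4, block_ttl=600)
    passive_actions = [passive.handle(a, now=0)[0] for a in SAMPLE_ALERTS]
    active_actions = [active.handle(a, now=0) for a in SAMPLE_ALERTS]
    return {
        "passive": passive_actions,
        "active": [(action, src) for action, src, _ in active_actions],
        "blocked_at_t300": active.is_blocked("203.0.113.7", now=300),
        "blocked_at_t601": active.is_blocked("203.0.113.7", now=601),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Without the allowlist the scanner's port scan would have been blocked on the same footing as the external traversal attempt, which is exactly the kind of improper denial the paragraph above warns about.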
An IDS can provide the following:
- Security management of your system, even by non-expert staff
- Automated monitoring tasks and searching for the latest attacks
- Detection of errors in system configuration
- A higher degree of integrity for the infrastructure
- Guidance for the system administrator in establishing policy for computing assets
- Tracing of user activity
- Recognition of alterations to reported data
So these are the things we need to understand about IDS. An IDS is a great tool to act as our monitoring and protective system against alarming or malicious packets or activity moving through the network. However, there are also red flags that you need to understand, and configuration to work through, before relying on the security system.