  • Essay / Intrusion Detection Systems - 1596

    Intrusion Detection Systems

    In 1980, James Anderson's article, Computer Security Threat Monitoring and Surveillance, introduced the notion of intrusion detection. Thanks to government funding and serious business interest, intrusion detection systems (IDS) have been able to develop to their current state. So, what exactly is an IDS? An IDS is used to detect malicious network traffic and computer usage via attack signatures. The IDS monitors not only attacks originating from incoming Internet traffic, but also attacks originating within the system. When a potential attack is detected, the IDS records the information and sends an alert to the console. How the alert is detected and handled depends on the type of IDS in place. In this article, we will discuss the different types of IDS and how they detect and handle alerts, the difference between a passive and a reactive system, and some general IDS evasion techniques. Let's first see what the difference is between a passive system and a reactive system.

    Responsive IDS.

    In a passive IDS, the sensor detects a potential threat, then records the information and sends an alert to the console. With a reactive IDS, also known as an intrusion prevention system (IPS), the threat would be detected and recorded. Then, the reactive IDS would reset the connection or reprogram the firewall to block network traffic from the suspicious source, which could happen automatically or under the control of an operator. Therefore, a reactive system acts in response to the threat, while a passive system simply records it and sends an alert to the console informing the operator of a threat.

    There are many types of intrusion detection systems: network intrusion detection, host-based, protocol-based, low application protocol...... middle of paper ......the real attack. Utilities such as stick and snot are designed to send a large number of attack signatures across a network to generate a large number of IDS alerts. However, this will only work on IDSs that do not maintain application protocol context.

    As you can see from the many methods used to bypass intrusion detection systems, as with any network security system, there is no complete security solution. Even then, intrusion detection systems will still be necessary. The best approach would be a combination of network-based and host-based IDS, in other words a hybrid IDS. This gives you the benefits of both kinds of IDS and allows for greater security. Regardless of your opinion on which solution is right for you, intrusion detection systems are here to stay and are a valuable tool in network security.

    Resources

    http://www.securityfocus.com/infocus/1514
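
The point above, that alert flooding only works against an IDS that keeps no context, shown as an added example (not part of the original essay): a stateless signature matcher alerts on every flooded packet, while a matcher that tracks the TCP handshake alerts only on the real session. The signatures, addresses and packet model are constructed for illustration, and treating "context" as TCP session state is an assumption of this sketch.

```python
from collections import namedtuple

# Simplified packet model (assumption): flags are "S", "SA", "A" or "PA".
Packet = namedtuple("Packet", "src sport dst dport flags payload")

# Toy signatures, constructed for this example.
SIGNATURES = {b"/cgi-bin/phf": "phf access", b"/etc/passwd": "passwd read"}

def matches(payload):
    return [name for pattern, name in SIGNATURES.items() if pattern in payload]

def stateless_ids(packets):
    """Alert on any packet whose payload contains a signature."""
    return [(p.src, name) for p in packets for name in matches(p.payload)]

def stateful_ids(packets):
    """Alert only on payloads inside a flow that completed the TCP handshake."""
    flows, alerts = {}, []
    for p in packets:
        key = (p.src, p.sport, p.dst, p.dport)   # client -> server direction
        rev = (p.dst, p.dport, p.src, p.sport)   # same flow, seen from the server
        if p.flags == "S":
            flows[key] = "SYN"
        elif p.flags == "SA" and flows.get(rev) == "SYN":
            flows[rev] = "SYNACK"
        elif p.flags == "A" and flows.get(key) == "SYNACK":
            flows[key] = "ESTABLISHED"
        elif flows.get(key) == "ESTABLISHED":
            alerts += [(p.src, name) for name in matches(p.payload)]
    return alerts

def sample_traffic():
    # Constructed sample: one real session (handshake, then a matching request)...
    session = [
        Packet("10.0.0.5", 40000, "10.0.0.80", 80, "S", b""),
        Packet("10.0.0.80", 80, "10.0.0.5", 40000, "SA", b""),
        Packet("10.0.0.5", 40000, "10.0.0.80", 80, "A", b""),
        Packet("10.0.0.5", 40000, "10.0.0.80", 80, "PA", b"GET /cgi-bin/phf HTTP/1.0"),
    ]
    # ...buried in 200 signature-bearing packets that never completed a handshake.
    flood = [Packet(f"192.0.2.{i}", 1024 + i, "10.0.0.80", 80, "PA",
                    b"GET /etc/passwd HTTP/1.0") for i in range(1, 201)]
    return flood[:100] + session + flood[100:]

if __name__ == "__main__":
    pkts = sample_traffic()
    print("stateless alerts:", len(stateless_ids(pkts)))
    print("stateful alerts: ", stateful_ids(pkts))
```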