intrusion detection system
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
There are several ways to categorize an IDS:
- misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network��s traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.
- network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall��s simplistic filtering rules. In a host-based system, the IDS examines at the activity on each individual computer or host.
- passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.
- Check out eWeek's new Research Center, a central and comprehensive library of whitepapers, eBooks, eseminars, webcasts, and more from top industry brands and independent tech journalists »
- Watch Datamation's editor James Maguire moderate roundtable discussions with tech experts from companies such as Accenture, Dell, Blue Jeans Network, Microsoft and more »
If hackers get their hands on your company's data, they can wreak havoc on customer relationships and cause tremendous damage to your brand and... Read More »Windows XP: Move Along, There's Nothing to See Here
After more than 12 years of holding the title of most popular operating system in the world, Windows XP is taking center stage for its final... Read More »Report: The Role of Big Data in the Marketing Industry
According to a new study from Infogroup Targeting Solutions, we can expect to see companies spend heavily on big data marketing initiatives in... Read More »
Creating desktop shortcuts to a websites is useful. When you double-click the icon from your desktop it automatically launches the browser and... Read More »Flash Data Storage Vendor Trends
Although it is almost impossible to keep up with the pace of ongoing product releases, here are three recent highlights in the flash data storage... Read More »15 Important Big Data Facts for IT Professionals
Keeping track of big data trends, research and statistics gives IT professionals a solid foundation to plan big data projects. Here are 15... Read More »