Intrusion detection systems (IDSs) are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for signs of security problems. As network attacks have increased in number and severity over the past few years, intrusion detection systems have become a necessary addition to the security infrastructure of most organizations. This guidance document is intended as a primer in intrusion detection, developed for those who need to understand what security goals intrusion detection mechanisms serve, how to select and configure intrusion detection systems for their specific system and network environments, how to manage the output of intrusion detection systems, and how to integrate intrusion detection functions with the rest of the organizational security infrastructure. References to other information sources are also provided for the reader who requires specialized or more detailed advice on specific intrusion detection issues.
What is intrusion detection?
Intrusion detection is the process of monitoring the events occurring in a computer
system or network and analyzing them for signs of intrusions, defined as attempts to
compromise the confidentiality, integrity, or availability of a computer or network, or to
bypass its security mechanisms. Intrusions are caused by attackers accessing
the systems from the Internet, authorized users of the systems who attempt to gain
additional privileges for which they are not authorized, and authorized users who
misuse the privileges given them. Intrusion Detection Systems (IDSs) are software or
hardware products that automate this monitoring and analysis process.
Why should I use Intrusion Detection Systems?
Intrusion detection allows organizations to protect their systems from the threats that come with increasing network connectivity and reliance on information systems.
Given the level and nature of modern network security threats, the question for security professionals should not be whether to use intrusion detection, but which
intrusion detection features and capabilities to use.
IDSs have gained acceptance as a necessary addition to every organization’s security
infrastructure. Despite the documented contributions intrusion detection technologies
make to system security, in many organizations one must still justify the acquisition
of IDSs. There are several compelling reasons to acquire and use IDSs:
- To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system
- To detect attacks and other security violations that are not prevented by other security measures
- To detect and deal with the preambles to attacks (commonly experienced as network probes and other “doorknob rattling” activities)
- To document the existing threat to an organization
- To act as quality control for security design and administration, especially of large and complex enterprises
- To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors.
Process model for Intrusion Detection
Many IDSs can be described in terms of three fundamental functional
components:
- Information Sources – the different sources of event information used to determine whether an intrusion has taken place. These sources can be drawn from different levels of the system, with network, host, and application monitoring most common.
- Analysis – the part of intrusion detection systems that actually organizes and makes sense of the events derived from the information sources, deciding when those events indicate that intrusions are occurring or have already taken place. The most common analysis approaches are misuse detection and anomaly detection.
- Response – the set of actions that the system takes once it detects intrusions. These are typically grouped into active and passive measures, with active measures involving some automated intervention on the part of the system, and passive measures involving reporting IDS findings to humans, who are then expected to take action based on those reports.
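The three components above, sketched as an added example (not code from the original document): a log reader as the information source, misuse and anomaly checks as the analysis, and alerts plus a proposed block list as the passive and active responses. The log lines, the `sudo-denied` rule name and the failure threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample events (information source: a host authentication log).
SAMPLE_LOG = """\
Jan 10 09:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan 10 09:00:02 host sshd[102]: Failed password for admin from 203.0.113.7 port 4002 ssh2
Jan 10 09:00:03 host sshd[103]: Failed password for test from 203.0.113.7 port 4003 ssh2
Jan 10 09:05:00 host sshd[105]: Accepted password for alice from 198.51.100.20 port 5000 ssh2
Jan 10 09:06:00 host sshd[106]: Failed password for alice from 198.51.100.21 port 5001 ssh2
Jan 10 09:07:00 host sudo: bob : user NOT in sudoers ; TTY=pts/0 ; COMMAND=/bin/su
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
# Misuse detection: patterns of known-bad activity (hypothetical one-rule set).
SIGNATURES = {"sudo-denied": re.compile(r"sudo: +(\S+) : user NOT in sudoers")}
# Anomaly detection, simplest form: assumed normal ceiling of failures per source.
BASELINE_MAX_FAILURES = 2

def collect(log_text):
    """Information source: return the events (non-empty log lines)."""
    return [line for line in log_text.splitlines() if line.strip()]

def analyze(events):
    """Analysis: return findings as (method, rule, subject) tuples."""
    findings = []
    failures = Counter()
    for line in events:
        for name, pattern in SIGNATURES.items():
            m = pattern.search(line)
            if m:
                findings.append(("misuse", name, m.group(1)))
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
    for source, count in sorted(failures.items()):
        if count > BASELINE_MAX_FAILURES:
            findings.append(("anomaly", "failed-login-rate", source))
    return findings

def respond(findings):
    """Response: passive alerts for humans, plus addresses proposed for an active block."""
    alerts = [f"[{method}] {rule}: {subject}" for method, rule, subject in findings]
    block = sorted(s for method, _, s in findings if method == "anomaly")
    return alerts, block

if __name__ == "__main__":
    alerts, block = respond(analyze(collect(SAMPLE_LOG)))
    print(*alerts, "proposed block list: " + ", ".join(block), sep="\n")
```

The single failed login from 198.51.100.21 stays under the assumed baseline and raises no finding, which is the trade-off the threshold controls.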
How do I distinguish between different Intrusion Detection approaches?
There are several design approaches used in Intrusion Detection. These drive the features provided by a specific IDS and determine the detection capabilities for that system. For those who must evaluate different IDS candidates for a given system environment, these approaches can help them determine what goals are best addressed by each IDS.
Architecture
The architecture of an IDS refers to how the functional components of the IDS are arranged with respect to each other. The primary architectural components are the Host, the system on which the IDS software runs, and the Target, the system that the IDS is monitoring for problems.

A great review article on intrusion detection systems. It briefly explained these systems to all the readers. We gained a lot of benefit after reading it.
Great article on IDS; it gives us an insight into how to stop hackers, and the different uses of IDS. Do check it out.
Intrusion Detection System is also referred to as IDS. It is a tool that inspects every internal or external network activity and determines if any suspicious behavior is being carried out. It also tracks attacks to the system and finds out if someone is trying to hack into the system. An IDS can be categorized into several categories. Misuse detection system is one of the basic types of intrusion detection techniques.
An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations... Great information. Thanks for sharing.
Intrusion detection systems are common with big companies because they know that IDSs are necessary for comprehensive system security.
Nice article about detection systems. Thanks for sharing.
It's really a good article about detection systems, and it's also a valuable and informative article to me. Intrusion detection systems are common with big companies. Thanks for your article.
I didn't know that this was possible. I thought it was only possible in movies. Thanks for letting us know of such advanced technologies.
It's like a burglar alarm system for your computer. This is really good-to-know information. The diagram helps us understand better how it works!
There are huge details about intrusion detection systems (IDS). I'm going to recommend this article to all my friends. Very informative.