Intrusion Detection System

What is IDS (Intrusion Detection System)?

An intrusion detection system (IDS) is a security and monitoring software tool designed to automatically alert system administrators when someone or something is trying to compromise information systems through malicious activities or security policy violations.


An IDS works by monitoring system activity: it examines vulnerabilities in the system, checks the integrity of files, and analyzes patterns based on already known attacks. It also monitors the internet for the latest threats that could result in a future attack.


Types of IDS

An IDS mainly works in four ways: NIDS, HIDS, PIDS, and VMIDS.


NIDS

Network Intrusion Detection System - A NIDS is a system that attempts to detect hacking activities, denial of service attacks, or port scans on a computer network or a computer itself. The NIDS monitors network traffic and helps to detect these malicious activities by identifying suspicious patterns in the incoming packets.

The NIDS can monitor incoming, outgoing, and local traffic. Inspecting outgoing or local traffic can yield valuable insight into malicious activities, as can inspecting incoming traffic. Some attacks can originate and stay within the local network or be staged inside the network with an outside-the-network target. The NIDS also works with other systems, like a firewall, to help better protect against known attack sources (e.g., a suspected attacker's IP address).


HIDS

Host Intrusion Detection System - A host-based IDS is capable of monitoring all or parts of the dynamic behavior and the state of a computer system, based on how it is configured. Besides such activities as dynamically inspecting network packets targeted at this specific host (optional component with most software solutions commercially available), a HIDS might detect which program accesses what resources and discover that, for example, a word-processor has suddenly and inexplicably started modifying the system password database. Similarly, a HIDS might look at the state of a system, its stored information, whether in RAM, in the file system, log files, or elsewhere; and check that the contents of these appear as expected, e.g. have not been changed by intruders.


PIDS

Perimeter Intrusion Detection System - Detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures. Using either electronics or more advanced fiber optic cable technology fitted to the perimeter fence, the PIDS detects disturbances on the fence, and if the system deems a disturbance to be an intrusion attempt, an alarm is triggered.


VMIDS

VM-based Intrusion Detection System - Detects intrusions using virtual machine monitoring, so the intrusion detection system is deployed together with virtual machine monitoring. It is the most recent type and is still under development. There is no need for a separate intrusion detection system, since the overall activities can be monitored this way.


