Tuesday, October 23, 2012


Intrusion Detection System

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activity for malicious behaviour or policy violations and reports what it finds to a management station.

Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them (the prevention part) and reporting them to security administrators. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

Types of IDS
    *      Network intrusion detection system (NIDS)
It is an independent platform that identifies intrusions by examining network traffic and therefore monitors multiple hosts at once. In a NIDS, sensors are placed at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at the network border. The sensors capture all traffic passing through that point (typically fed from a switch mirror port or a network tap) and analyze the content of individual packets for malicious traffic; traffic that is encrypted end to end cannot be inspected for content this way. An example of a NIDS is Snort.

    *      Host-based intrusion detection system (HIDS)
It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists, etc.) and other host activity and state. An example of a HIDS is OSSEC, a free, open-source host-based IDS that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response.

    *      Stack-based intrusion detection system (SIDS)
This type of system is an evolution of the HIDS. Packets are examined as they pass through the host's own TCP/IP stack, so the sensor does not need to put the network interface into promiscuous mode and only ever sees traffic addressed to that host. Because it hooks into the stack, its implementation depends on the operating system in use.
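To make the NIDS description above concrete, here is a small signature-based sensor in the spirit of Snort. It is an added example and not Snort's code: the rule layout, the signature IDs, the addresses and the sample traffic are all constructed for illustration. It shows the two things a network sensor does with the packets it captures: stateless content matching against a rule (protocol, destination port, byte pattern in the payload) and a stateful check that no single packet would trigger, here a port sweep from one source.

```python
"""Signature-based network sensor in the style of Snort.

Added example, not Snort's code: the rule format, SIDs, addresses and
traffic below are all constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    proto: str      # "tcp" or "udp"
    payload: bytes = b""


@dataclass
class Rule:
    sid: int                  # signature id, as in Snort's sid:
    msg: str                  # alert message
    proto: str
    dport: Optional[int]      # None matches any destination port
    content: Optional[bytes]  # byte pattern that must appear in the payload


# Constructed rules, loosely modelled on
#   alert tcp any any -> any 80 (msg:"..."; content:"../../"; sid:1000001;)
RULES = [
    Rule(1000001, "HTTP directory traversal attempt", "tcp", 80, b"../../"),
    Rule(1000002, "Shell path in HTTP request", "tcp", 80, b"/bin/sh"),
    Rule(1000003, "SQL injection tautology", "tcp", 80, b"' OR '1'='1"),
]


class Sensor:
    """Inspects every packet handed to it and accumulates alerts."""

    def __init__(self, rules, scan_threshold=5):
        self.rules = rules
        self.scan_threshold = scan_threshold
        # (src, dst) -> set of distinct destination ports seen
        self._ports_seen = defaultdict(set)
        self.alerts = []

    def inspect(self, pkt):
        # Stateless signature matching: protocol, port and payload content.
        for r in self.rules:
            if (r.proto == pkt.proto
                    and (r.dport is None or r.dport == pkt.dport)
                    and (r.content is None or r.content in pkt.payload)):
                self.alerts.append((r.sid, r.msg, pkt.src, pkt.dst))
        # Stateful check: one source touching many ports on one host
        # looks like a port scan even though no single packet is malicious.
        seen = self._ports_seen[(pkt.src, pkt.dst)]
        seen.add(pkt.dport)
        if len(seen) == self.scan_threshold:
            self.alerts.append((2000001, "Possible port scan", pkt.src, pkt.dst))


def run_sensor(packets, rules=RULES):
    """Feed a capture through the sensor and return the alert list."""
    sensor = Sensor(rules)
    for pkt in packets:
        sensor.inspect(pkt)
    return sensor.alerts


# Constructed traffic: a benign request, a traversal attempt on port 80,
# a TLS record (opaque to content matching), the same traversal on a port
# the rule does not cover, and a sweep of five ports from one source.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp",
           b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"),
    Packet("10.0.0.7", "192.0.2.10", 443, "tcp", b"\x16\x03\x01"),
    Packet("10.0.0.9", "192.0.2.10", 8080, "tcp",
           b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n"),
] + [Packet("10.0.0.99", "192.0.2.10", p, "tcp") for p in (21, 22, 23, 25, 80)]


if __name__ == "__main__":
    for sid, msg, src, dst in run_sensor(SAMPLE_TRAFFIC):
        print(f"[{sid}] {msg}: {src} -> {dst}")
```

Running it yields two alerts: the traversal on port 80 and the port scan from 10.0.0.99. The identical traversal sent to port 8080 is missed because the rule is bound to port 80, and the TLS packet carries nothing the content matcher can see; both are the blind spots a real sensor has to be tuned around.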
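The HIDS entry above lists what OSSEC does on a host; two of those functions, integrity checking and log analysis, are shown here in a small added example that is not OSSEC's code. The monitored files are created in a temporary directory and the sshd log lines are constructed. Integrity checking keeps a hash baseline taken while the host is known-good and reports any file that later changes or disappears; log analysis counts failed SSH logins per source address and flags sources over a threshold.

```python
"""Host-based checks of the kind OSSEC performs: file integrity monitoring
and log analysis.

Added example, not OSSEC's code. The monitored files are created in a
temporary directory and the sshd log lines are constructed.
"""
import hashlib
import os
import re
import tempfile
from collections import Counter


def file_hash(path):
    """SHA-256 of a file, streamed so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Trusted snapshot: path -> hash, taken while the host is known-good."""
    return {p: file_hash(p) for p in paths}


def check_integrity(baseline):
    """Compare live files against the baseline; return (finding, path) pairs."""
    findings = []
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings.append(("deleted", path))
        elif file_hash(path) != expected:
            findings.append(("modified", path))
    return findings


# Matches sshd lines such as
#   Failed password for invalid user admin from 203.0.113.4 port 40002 ssh2
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def analyze_auth_log(lines, threshold=3):
    """Return {source_ip: failure_count} for sources at or above the threshold."""
    per_source = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            per_source[m.group(2)] += 1
    return {src: n for src, n in per_source.items() if n >= threshold}


# Constructed log lines in syslog format.
SAMPLE_AUTH_LOG = [
    "Oct 23 10:01:02 web1 sshd[1201]: Accepted password for alice from 10.0.0.5 port 51022 ssh2",
    "Oct 23 10:01:10 web1 sshd[1210]: Failed password for root from 203.0.113.4 port 40001 ssh2",
    "Oct 23 10:01:11 web1 sshd[1211]: Failed password for invalid user admin from 203.0.113.4 port 40002 ssh2",
    "Oct 23 10:01:12 web1 sshd[1212]: Failed password for root from 203.0.113.4 port 40003 ssh2",
    "Oct 23 10:02:00 web1 sshd[1220]: Failed password for bob from 10.0.0.6 port 51100 ssh2",
]


def demo_integrity():
    """Baseline two files, then tamper with one and delete the other."""
    with tempfile.TemporaryDirectory() as d:
        passwd = os.path.join(d, "passwd")
        sudoers = os.path.join(d, "sudoers")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(sudoers, "w") as f:
            f.write("root ALL=(ALL) ALL\n")
        baseline = build_baseline([passwd, sudoers])
        # Simulate an attacker adding a UID-0 account and removing sudoers.
        with open(passwd, "a") as f:
            f.write("backdoor:x:0:0::/:/bin/sh\n")
        os.remove(sudoers)
        return [kind for kind, _ in check_integrity(baseline)]


if __name__ == "__main__":
    print(demo_integrity())
    print(analyze_auth_log(SAMPLE_AUTH_LOG))
```

The baseline is only as trustworthy as the moment it was taken, so in practice it is stored off-host or signed; an attacker with root can otherwise rewrite both the file and its recorded hash. The log check deliberately counts by source rather than by user, because a password-spraying attacker rotates usernames while the source address stays constant.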
