IDS stands for Intrusion Detection System. If one compares a network to a home protected against burglary, firewalls play the role of the door and window locks, while an IDS plays the role of the alarm system itself, adding the next layer of defence by detecting attacks that penetrate IT systems.
No protection system can make a network 100% secure against outside attacks. When an attack gets through, this anomalous situation must be reported to the system administrator as quickly as possible, and it is useful to be able to see what the intruder was doing in the IT system. These are the key tasks of Intrusion Detection System programs.
An IDS monitors events continuously: it watches the server and logs any unauthorised access attempts. The IDS must be taught to recognise such events. It can process various kinds of data; the most common sources are eavesdropped network traffic and packets, system logs, and information on user activity. In operational terms, three primary types of IDS are available:
- Host-based systems – HIDS
- Network-based systems – NIDS
- Network node-based systems – NNIDS
Problems with IDSes
An IDS is prone to “false positives” (false alerts): it may generate an alert when no problem was actually present. If such alerts are frequent, the network administrator may start to ignore them, possibly allowing a serious attack to pass unnoticed. Detailed tuning of the alerting and triggering rules must therefore be performed.
This is a serious task. It is critical to understand the properties of IDS technologies and to have broad knowledge of contemporary intrusion types, and a more rigorous configuration policy is necessary. Implementing an IDS service is therefore best left to specialists.
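To make the false-positive and rule-tuning problem concrete, here is an added example (not code from the original page or from any IDS product) of a tiny host-based rule run over constructed sshd-style log lines: the untuned rule alerts on every failed login, including a user's single typo, while the tuned rule alerts only when one source accumulates several failures within a short window. The log format, threshold and window values are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an sshd-like format (not real logs).
# alice mistypes once and then logs in; 203.0.113.9 hammers several accounts.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd: Failed password for alice from 10.0.0.5
2024-05-01T09:00:09 sshd: Accepted password for alice from 10.0.0.5
2024-05-01T09:05:00 sshd: Failed password for root from 203.0.113.9
2024-05-01T09:05:01 sshd: Failed password for root from 203.0.113.9
2024-05-01T09:05:02 sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:05:03 sshd: Failed password for admin from 203.0.113.9
2024-05-01T09:05:04 sshd: Failed password for test from 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_failures(log_text):
    """Yield (timestamp, user, source) for every failed-login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]

def naive_alerts(log_text):
    """Untuned rule: one alert per failed login. Fires on alice's single typo too."""
    return [f"failed login for {u} from {s}" for _, u, s in parse_failures(log_text)]

def tuned_alerts(log_text, threshold=4, window_seconds=60):
    """Tuned rule: alert once per source that reaches `threshold` failures
    within `window_seconds`. alice's lone failure no longer triggers anything."""
    per_src = defaultdict(list)
    for ts, _, src in parse_failures(log_text):
        per_src[src].append(ts)
    alerts = []
    for src, times in per_src.items():
        times.sort()
        # Sliding window: compare each failure with the one (threshold-1) before it.
        for i in range(threshold - 1, len(times)):
            if (times[i] - times[i - threshold + 1]).total_seconds() <= window_seconds:
                alerts.append(f"brute-force suspected from {src}")
                break
    return alerts

if __name__ == "__main__":
    print("naive:", naive_alerts(SAMPLE_LOG))
    print("tuned:", tuned_alerts(SAMPLE_LOG))
```

Raising the threshold or shortening the window trades false positives for missed slow attacks, which is exactly the tuning decision the text describes.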