
Intrusion Detection Software



Detection Intrusion System Technology

Intrusion Detection Software was designed to stop attacks in their tracks. Its primary task is to compare events with known values and then trigger an alert. Intrusion detection software is used to complement your perimeter security and detect any unusual traffic passing through your firewall. An IDS can detect and monitor attacks but is generally only capable of alerting rather than stopping them. That's why IPS (Intrusion Prevention Software), or a combination of the two technologies in one product, is more beneficial. This article is aimed at the more advanced user but may be of interest to all users.

For the basic home user, an example of a popular IDS product is Winpatrol, which is listed in the Freebie section. The basic difference between IDS and IPS boils down to real-time monitoring as opposed to time-delayed monitoring (a minute or more), and the extra processing power that real-time monitoring requires. IPS monitors in real time and takes a great deal more processing power to complete this task. There are four categories of intrusion detection:

  1. Application Area Detection Intrusion System monitors and logs application events.
  2. Host Intrusion Detection monitors system specific events.
  3. Network Intrusion Detection monitors traffic packets by using a sniffer.
  4. Integrated Intrusion Detection is a hybrid, which monitors combinations of application, host and network.

Of the four categories listed above, two are the most common:

  1. Host Intrusion Detection (HIDS)
  2. Network Intrusion Detection (NIDS)

Install security-monitoring programs such as Intrusion Detection Systems.

In any well-planned project, monitoring and updating is an ongoing process. The same is true for system security. In order to identify any modifications that have been made to your original configurations, you will require some special monitoring tools. These tools are categorized in the following areas:

  1. Host-Intrusion Detection
  2. System Integrity Checkers
  3. Host-Resident Firewalls

Host Intrusion Detection (HIDS)

This real-time monitoring device alerts the administrator when a specific event has occurred, such as a new user being added or any abnormal usage patterns. Host intrusion detection software detects threats aimed at your critical hosts or servers.


System Integrity Checkers

These historical tools provide the administrator with a snapshot of the system to compare with current configurations in case of modifications. The administrator can then identify where changes have occurred.


Host-Resident Firewalls

These personal firewalls add extra security to a host system by controlling incoming and outgoing traffic on the individual system.

Network Intrusion Detection (NIDS)

The primary responsibility of a NIDS is to monitor, detect and identify malicious activity on a network. Once suspicious activity is detected, an alert is generated for each activity.

The difference between HIDS and NIDS is that a NIDS deals with data transmitted from host to host (data in transit), while a HIDS is only concerned with the activity on the host computer. For example, a HIDS would be used to combat internal threats to a system by monitoring user activity, usage patterns and behavior.
