Imagine someone is trying to compromise your networked information system through malicious activity or through security policy violations, and you immediately get an alert that someone or something is trying to interfere with the system. As a result, you are able to ward off the intruder before they get into your system. The security system that alerted you is called an Intrusion Detection System. Let's discuss in detail how this system works.
As the business environment blends with the technological advancement of the modern age, a business entity has the opportunity to connect with the outside world and grow its business exponentially. Internet and telecommunications are a must for every entity of this age.
On one hand, the organization can share data and resources with the intended parties for a fast and efficient flow of business. On the other hand, the possibility of exposing this data to vendors, service providers, and trading partners is increasing significantly.
Despite these concerns, every entity understands that the internet is practically the most promising infrastructure for doing business at any place and at any time. Bottom line: people will not stop using the internet because of these concerns; rather, they continue their business operations with the help of this electronic communication and at the same time recognize and respond to the concerns that come their way.
Because of these responses, several tools and technologies have been made available to protect information and systems against compromise, intrusion, or misuse. These tools and technologies are called Intrusion Detection Systems, and that's what we will be discussing in this article.
How do Intrusion Detection Systems work?
IDSs are designed to look for signatures of known attacks, or for any activity that is inconsistent with normal activity. These inconsistencies, also called anomalies or deviations, are then passed up the stack and examined at the protocol layer and the application layer.
Just so you know, we discussed the various layers of networking in one of our earlier articles: Open System Interconnection Model. You can check it out for further reference.
IDSs can effectively detect intrusions such as DNS poisoning, XMAS tree scans, and other malformed packets.
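To make the two detection approaches above concrete, here is a small added example (not code from the original article) that combines a signature rule for the malformed XMAS-tree TCP flag combination with a simple anomaly rule that flags a source touching far more destination ports than a baseline allows. The packet fields, the baseline value of 3 ports and the sample traffic are all constructed for illustration.

```python
"""Toy IDS: signature detection (XMAS-tree packets) plus anomaly detection
(destination-port fan-out far above a baseline). Constructed example only."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: frozenset  # TCP flag names, e.g. frozenset({"SYN"})


# An XMAS-tree packet carries FIN, PSH and URG set at once; a normal TCP
# exchange never produces that combination, so it is a clean signature.
XMAS_FLAGS = frozenset({"FIN", "PSH", "URG"})


def signature_alerts(packets):
    """Signature-based detection: report every packet whose flags match
    the known-bad XMAS-tree pattern (protocol-layer check)."""
    return [f"XMAS scan from {p.src} to {p.dst}:{p.dport}"
            for p in packets if XMAS_FLAGS <= p.flags]


def anomaly_alerts(packets, baseline_ports=3, tolerance=2.0):
    """Anomaly-based detection: count distinct (dst, port) pairs per source
    and report sources that exceed baseline * tolerance (a deviation from
    normal activity, regardless of what the individual packets look like)."""
    touched = defaultdict(set)
    for p in packets:
        touched[p.src].add((p.dst, p.dport))
    limit = baseline_ports * tolerance
    return [f"port fan-out anomaly: {src} touched {len(pairs)} ports (baseline {baseline_ports})"
            for src, pairs in touched.items() if len(pairs) > limit]


def run_ids(packets):
    """Run both detectors and return the combined alert list."""
    return signature_alerts(packets) + anomaly_alerts(packets)


# Constructed sample traffic (not a real capture): one normal client, one
# XMAS-tree probe, and one host sweeping eight ports on a single target.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.20", 80, frozenset({"SYN"})),
    Packet("10.0.0.5", "10.0.0.20", 443, frozenset({"SYN"})),
    Packet("10.0.0.9", "10.0.0.20", 22, frozenset({"FIN", "PSH", "URG"})),
] + [Packet("10.0.0.7", "10.0.0.20", port, frozenset({"SYN"})) for port in range(1, 9)]

if __name__ == "__main__":
    for alert in run_ids(SAMPLE):
        print(alert)
```

Running it reports the single XMAS-tree probe from 10.0.0.9 and the port fan-out deviation for 10.0.0.7, while the ordinary client 10.0.0.5 produces no alert.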
Types of Intrusion Detection System
As we discussed, an Intrusion Detection System is a device or software application that monitors network or system activity for malicious activity or policy violations and produces reports to a management station.
The goal of intrusion detection is to monitor network assets to detect anomalous behavior and misuse. IDSs are primarily of two types, yet a combination of both types is also used by various organizations.
Network Intrusion Detection (NID)
A Network Intrusion Detection System is placed on a network to analyze traffic in search of unwanted or malicious events on the wire between hosts.
Typically referred to as "packet sniffers", network intrusion detection devices intercept packets traveling along various communication media and protocols, usually TCP/IP. Network Node Intrusion Detection (NNID) is a type of NID.
The advantage of NNID is its ability to defend specific hosts against packet-based attacks in complex environments where conventional NID is ineffective.
Host-based Intrusion Detection (HID)
Host-based Intrusion Detection systems are designed to monitor, detect, and respond to user and system activity and attacks on a given host. The difference between host-based and network-based intrusion detection is that NID deals with data transmitted from host to host, while HID is concerned with what occurs on the hosts themselves. Host-based intrusion detection is best suited to combat internal threats because of its ability to monitor and respond to specific user actions and file accesses on the host. In other words, HID detects insider misuse while NID detects outsider misuse.
Hybrid Intrusion Detection
Hybrid Intrusion Detection systems offer management of, and alert notification from, both network and host-based intrusion detection devices. Hybrid solutions provide the logical complement to NID and HID: central intrusion detection management.
Well, that's all on Intrusion Detection Systems. We shall discuss firewalls in our next article, so stay tuned for that.
And as always, if you have any doubts, queries or suggestions, please let me know. Just click on Ask Questions in the left panel of your screen.
Thank You