An Intrusion Detection System (IDS) is a software or hardware tool used to detect unauthorized access to a system or, when deployed on a network, to that network. It should detect malicious activity of all kinds, such as viruses, worms, and data-driven or host-based attacks.

An IDS usually has several components: sensors, a console and a central engine. A sensor is the component that generates security events. The console is used to monitor events and alerts. The central engine records the events logged by the sensors in a database and uses a system of rules to generate alerts from the security events it receives. IDSs can be categorized in several ways, depending on the type and location of the sensors and on the methodology the central engine uses to generate alerts. In many simple IDSs a single device combines all three components.

A misuse detection system uses signatures to detect unauthorized access, and is also called a Signature Based Intrusion Detection System. These systems identify intrusions by observing patterns, in traffic or in application data, that are presumed to be malicious. This kind of detection system can detect only known attacks, although it can sometimes detect new attacks that share characteristics of old ones.

Another category of IDS is the Anomaly Based Intrusion Detection System. This system identifies intrusions by notifying operators of traffic or application content that is presumed to be different from normal activity. It can detect intrusions from a network or from a host.
The design of these systems is based on self-learning. In this type of IDS the administrator's task is to define a baseline. On the basis of this information, the state of the network traffic load is determined. The system can also detect a breakdown of the system or of the protocols, as well as the typical size of packets. The device monitors segments of a network and compares their state to the normal baseline to find anomalies.

There are other types of systems called network-based systems and host-based systems. There is also a hybrid system, called a Hybrid Intrusion Detection System. The hybrid IDS combines the properties of both systems, and such systems are categorized as Passive Intrusion Detection Systems or Reactive Intrusion Detection Systems. There are also Intrusion Prevention Systems, which use the techniques of a firewall and are basically application-layer firewalls. Another kind of IDS is the Snort network IDS.
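The sketch below is an added example, not code from the original page: a minimal central engine that applies one signature rule and a packet-size baseline to sensor events, showing what each detection type catches and misses. The marker string, event fields, sample sizes and threshold are all constructed assumptions.

```python
import re
import statistics

# Constructed signature: a placeholder marker standing in for a known worm pattern.
SIGNATURES = {"sample-worm-a": re.compile(r"SAMPLE-WORM-A")}

def build_baseline(packet_sizes):
    """Baseline the administrator defines from traffic known to be normal."""
    return statistics.mean(packet_sizes), statistics.pstdev(packet_sizes)

def misuse_alerts(event):
    """Signature (misuse) detection: match known patterns in application data."""
    return [name for name, rx in SIGNATURES.items() if rx.search(event["payload"])]

def anomaly_alert(event, baseline, threshold=3.0):
    """Anomaly detection: flag packet sizes far from the normal baseline."""
    mean, stdev = baseline
    if stdev == 0:
        # Degenerate baseline: any deviation at all is an anomaly.
        return event["size"] != mean
    return abs(event["size"] - mean) / stdev > threshold

def engine(events, baseline):
    """Central engine: apply both rule types to events reported by sensors."""
    alerts = []
    for ev in events:
        for sig in misuse_alerts(ev):
            alerts.append((ev["id"], "signature", sig))
        if anomaly_alert(ev, baseline):
            alerts.append((ev["id"], "anomaly", "packet-size"))
    return alerts

# Constructed sample data: packet sizes (bytes) observed during normal operation.
NORMAL_SIZES = [512, 498, 530, 505, 520, 490, 515, 508]

# Constructed sensor events.
EVENTS = [
    {"id": 1, "size": 510, "payload": "GET /index.html"},           # normal
    {"id": 2, "size": 505, "payload": "data SAMPLE-WORM-A data"},   # known pattern
    {"id": 3, "size": 515, "payload": "v2 SAMPLE-WORM-A changed"},  # new variant, old trait
    {"id": 4, "size": 9000, "payload": "opaque unknown content"},   # no signature exists
]

if __name__ == "__main__":
    for alert in engine(EVENTS, build_baseline(NORMAL_SIZES)):
        print(alert)
```

Event 3 is caught only because it still carries the old pattern, and event 4 is caught only by the baseline comparison; an event that matched no signature and stayed within the baseline would pass both checks.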
Copyright © 2006 ComputerForensics1. All Rights Reserved. www.computerforensics1.com