Intrusion detection systems (also called ID systems and IDS) have been, and are still constantly being developed in response to past and present attacks on many high-profile websites and networks, including those of Sony, eBay, Yahoo Mail, Google, Apple iCloud, UPS, JP Morgan, NASA, the White House, NATO, the Pentagon, and the U.S. Defense Department.
IDS is a type of security management system for computers and networks. It is a network security technology that was originally designed for detecting exploits against target computers or applications that took advantage of certain vulnerabilities. At present IDS is designed to detect many other modes of compromising the security of any IT network system. It is often a package consisting of hardware and/or software systems that automate the process of monitoring events that occur in a computer network or system or network so they can be analyzed for symptoms of security problems.
The basic functions of an IDS are gathering and analyzing information from various parts of a computer or a network for the purpose of identifying possible security breaches in the form of attacks from external origins and abuse/misuse from within an organization). To assess the security of an IT or network system, IDS often uses a method called “scanning”, or vulnerability assessment.
A two-step process may be found in an IDS, one a passive component and the other, active. What takes place in the passive component are inspections of the configuration files, password files (to detect weak passwords), and policy audit logs (to detect violations) in a system. In the active component, which is network-based, reenactments of known attack methods take place using installed mechanisms and recordings of system responses to attack reenactments are made. From these processes certain data are captured, usually from packets passing through the system, and reported for subsequent analysis. Hopefully, appropriate steps to counter one or more discovered threats can be taken based on the results of IDS output analyes.
So, who needs an IDS? Everyone who uses a networked IT system needs it because everyone is a potential target of attacks coming from different sources, near or far. However, everyone must be aware of the fact that there is not a single, universal IDS that fits all needs. An individual or business enterprise needs to know the type of IDS that is appropriate to one’s circumstances, and this may be difficult to do in many cases because it needs a high degree of technical know-how. Network and IT security experts can help in reviewing one’s need for an IDS and designing a solution that matches the need.