What Are Intrusion Detection Systems And Why Are They Important?
The term “Intrusion Detection Systems,” refers to programs (software) or devices that have been designed specifically for the purposes of monitoring a network and identifying potential vulnerabilities and ongoing attacks.
IDS Types
There are five main types of Intrusion Detection Systems. These are;
- Active
- Passive
- Network Based
- Host Based
- Knowledge Based
- Behavior Based
- Active Intrusion Detection Systems
These are also commonly referred to as Intrusion Prevention Systems. An active IDS not only identifies an ongoing attack on a network, but it also actively takes measures to stop the network from being compromised. One major disadvantage of this type of system is that false alarms may deny access to legitimate users.
- Passive IDS
A passive IDS, on the other hand, does not take measures to stop an attack, but only identifies the threat and notifies the operator of the potential vulnerabilities. Unlike and active IDS, this system is not itself usually prone to falling prey to attacks.
- Network Based IDS
This type of IDS is composed of a sensor and a NIC (Network Interface Card). The network based IDS monitors traffic on a particular segment of the network. The NIC operates in promiscuous mode and checks out all packets of data that pass through the segment.
- Host Based IDS
This comes with “agents;” small programs that are installed on individual systems (the hosts). They have the task of keeping an eye on the Operation System and trigger alarms when threats are detected. This type of IDS does not monitor the entire network.
- Knowledge based IDS
A knowledge based IDS relies on a database of previous attacks and vulnerabilities. It uses this information to identify active attacks and security holes. A major plus for this type of system is that it has a low rate of false alarms. Its disadvantage is that it can fail to identify new attacks.
- Behavior Based
Behavior based IDSs identify threats based on the identified patterns of attempts to gain access to a network. Although this gives this type of IDS the ability to identify new attacks, a major disadvantage is that a higher rate of false alarms is triggered.
Why are Intrusion Detection Systems Important?
Intrusion Detection Systems are of paramount importance in today’s computing environment, inasmuch as they serve as a barrier between the many threats that can be found online and your network. They do the following;
- Detect intrusions into a network from a program or a person
- Record attack patterns in order to improve detection systems
- Detect attacks on the data link layer
Protecting your network from unwanted Intrusion
The last thing that you need is to have your computer hacked or infected by one of the many types of malicious software that are floating around out there. We have previously written an article in which we talk about Ransomware, and how the WannaCry Ransomware recently wreaked havoc across the globe.
The companies that fell prey to the nefarious activities by the people behind this attack were, clearly, not prepared for the fast moving pace of today’s I.T World. Although it is impossible to be fully proofed against the many types of threats that can be found out there, Intrusion Detection Systems are part of the steps that can be taken to virtually eliminate the risks.
Are Firewalls and Antiviruses not enough?
One of the questions that you are likely to get asked you mention the importance of IDSs to people pertains to the fact that most computers already have installed antimalware programs and Firewalls. Doesn’t this invalidate the need to have an Intrusion Detection System?
Another Layer of Protection
The answer to the above question is that you can never really have too much protection, particularly in the high stakes worlds of ecommerce and communication. There is also the fact that an IDS works in a completely different way to the above mentioned online security measures.
Firewalls, as an example, are good for blocking the unauthorized use of ports at the TCP/IP level. However, those ports that are used by applications remain open. An example would be port 80, which is used for HTTP traffic.
Most of the computers that fall prey to malware on a daily basis actually have working antiviruses. There are so many things that can go wrong, particularly when the stakes are so high, that the antimalware programs that are out there are really never enough to keep networks secure.
IDSs are much more intelligent
Intrusion Detection Systems give your network the extra layer of security that is needed to keep your company safe. IDSs represent a smart solution to the ever evolving threats that are out there.