Issuu on Google+

Intrusion Detection System: Essential Tool for Computer Security Worried about intruders attacking your network enterprise? Do not surround yourself with clouds of tensions, but rather seek for intrusion detection software (IDS). Electronic attacks can hamper the operation of Information systems and networks. IDS is a must have tool especially if you are planning for serious in depth computer security. Antivirus scanners point known worms, Trojan horses and viruses, and firewalls halt port intruders. However, what about activities taking place in the network packets? The IDS is capable of detecting whether port 80 traffic is a web request or an Instant messaging file transfer. On the contrary, firewalls and scanners are not capable of holding buffer overflow attack or cannot make out the latest SQL injection attack. Advanced high end IDS is capable of dropping the packet before harm is disseminated. It is also designed to alter or modify the security parameter ruling out the possibilities that may harm the network. Intrusion detection system can be categorized in the following ways: Misuse detection vs. anomaly detection In misuse detection, the IDS scrutinize the incorporated information and then make comparison with the large databases of attack signatures. Basically, it searches for a specific attack that already took place. Detection software of a virus detection system checks the database of attack signatures and compares packets against them. In anomaly detection, the system administrator creates the baseline, or normal, networks traffic load, protocol, and typical packet size. The anomaly detector checks the network segments to compare their state to the normal baseline and search for the anomalies. Network-based vs. Host-based systems Network-based system, in this Intrusion detection system investigates the individual packets passing through the network. All malicious packets which a firewall is unable to detect are filtered through it and ensure network security. A host-based system eyes activities on the individual’s computer or host. Passive system vs. reactive system In a passive system, network security is done by checking the potential security breach, logging the information and sending out alerts. In a reactive system, suspicious activities are detected by logging off a user or by reprogramming the firewall and stops network traffic from the suspected source. Firewall security and IDS are related to the cyber security. The difference lies in the methods of providing security. The firewall searches for intrusion so they can be stopped from happening and maintains the privacy by limiting the access between two networks and avoiding having to warn an attack from inside the network. On the contrary, the intrusion detection software reviews the suspect after the spread of warning.


Intrusion Detection System: Essential Tool for Computer Security