Top Reasons to Deploy an Intrusion Detection and Prevention System

An intrusion detection system (IDS) is a passive security solution designed to monitor all inbound and outbound network activity. Its basic function is to identify suspicious patterns that may indicate a network or system attack from an unidentified party attempting to break into or compromise a system. An intrusion prevention system is considered to be a passive monitoring system for the following reasons:
An IDS product warns you of suspicious activity taking place; it does not prevent it.
It essentially reviews your network traffic and data and identifies probes, attacks, exploits and other vulnerabilities.
It can respond to a suspicious event in one of several ways, including displaying an alert, logging the event or even paging the administrator.
In some cases it also reconfigures the network to reduce the effects of the suspicious intrusion.
It identifies suspicious activity or events resulting from a virus, worm or hacker by looking for known intrusion signatures or attack signatures.
The intrusion signatures characterize different worms or viruses and track the general ways in which they differ from regular system activity.
An IDS ranges from a freely distributed open source program to much more expensive and secure vendor software appliances and sensor devices which are installed at different points of the network.

Based on its functionality, an Intrusion Detection System is categorized as follows:
Network and Host based detection
Misuse and anomaly detection
Passive and reactive systems
a) Network-based IDS systems are often stand-alone hardware appliances that include network intrusion detection capabilities. They consist of hardware sensors located at various points of the network, or of software installed on the system computers on your network. A network-based IDS analyzes the data packets entering or leaving your network. Host-based IDS (HIDS) are software agents installed on individual computers within the system. A HIDS analyzes the traffic to and from the specific computer on which the intrusion detection software is installed. HIDS do not offer true real-time detection, but they detect properly when configured correctly. Host-based IDS often provide features that you cannot get in a network-based IDS.
b) In misuse detection, information is gathered and compared to large databases of attack signatures. It is like a virus detection system: the detection software is only as good as the database of intrusion signatures that it compares packets against. The anomaly detector monitors network segments, compares their state to the normal baseline and looks for anomalies.
c) In a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off the user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Therefore, there is no need to explain further why your system needs the best intrusion prevention, so that you have network security in your hands and can operate safely and protected.
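
The misuse/anomaly and passive/reactive categories in b) and c), as an added example in Python that is not part of the original article. The signature database, baseline figures, event lines and function names are all constructed for illustration, and the returned block list stands in for reprogramming a firewall.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signature database for misuse detection (name -> pattern).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.I),
}
# Constructed baseline: requests per minute per source during normal activity.
BASELINE_RPM = [4, 6, 5, 7, 5, 6, 4, 5]
# Constructed events: (minute, source IP, request line).
EVENTS = (
    [(0, "192.0.2.10", "GET /index.html"),
     (0, "198.51.100.7", "GET /download?file=../../etc/passwd"),
     (1, "192.0.2.10", "GET /search?q=shoes")]
    + [(1, "203.0.113.9", "POST /login")] * 40
)

def misuse_detect(events):
    """Misuse detection: compare each event against the signature database."""
    return [(src, name) for _, src, req in events
            for name, pat in SIGNATURES.items() if pat.search(req)]

def anomaly_detect(events, baseline, k=3.0):
    """Anomaly detection: flag per-minute rates above baseline mean + k*stddev."""
    limit = mean(baseline) + k * pstdev(baseline)
    rates = Counter((minute, src) for minute, src, _ in events)
    return [(src, f"rate {n}/min > {limit:.1f}")
            for (_, src), n in rates.items() if n > limit]

def respond(alerts, reactive):
    """Passive: log and alert only. Reactive: also return the sources to block."""
    log = [f"ALERT {src}: {reason}" for src, reason in alerts]
    blocked = sorted({src for src, _ in alerts}) if reactive else []
    return log, blocked

if __name__ == "__main__":
    alerts = misuse_detect(EVENTS) + anomaly_detect(EVENTS, BASELINE_RPM)
    for mode in (False, True):
        log, blocked = respond(alerts, reactive=mode)
        print("reactive" if mode else "passive", log, blocked)
```

The login burst matches no signature and is caught only by the baseline comparison, while the single traversal request stays far below the rate limit and is caught only by its signature.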