Intrusion Detection Systems – information on IDS and firewalls

März 27, 2008

An intrusion detection system would check all outbound and inbound activity and identify any suspicious move that indicates an attack on the systems from outside which threats a breaking into the system.

IDS can be categorized in the following ways.

The detection of anomaly or misuse: The IDS gathers some information and compares it to large databases. Software for misuse detection is used and the system administrator defines the packet size, the protocols, the traffic load and other things. The software for anomaly detection is also used to look for anomalies.

Another intrusion detection system is the network based system or host based system. This is also called NIDS which can detect packets that are malicious and which are designed to pass through firewalls simple filters.

Passive system is also known as the reactive system and the IDS find out a security breach, and sends off an alert. The IDS would respond to any activity that is suspicious by making an user log off or by blocking traffic on the network from the malicious source, or by reprogramming.

An IDS is different from a firewall although they both are concerned with network security. A firewall would search for intrusions in order that they do not happen any more. The firewall would check the intrusions between networks. It does apprehend an attack from within the network. IDS would look into an intrusion after it has taken place and raises an alarm. It also looks out for any alarm from within the system.

Weblinks: Top 5 Intrusion Detection Systems
Related Links: Data Recovery Systems