Preview

Intrusion Detection Systems

Powerful Essays
Open Document
Open Document
1603 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Intrusion Detection Systems
Intrusion Detection Systems

In 1980, James Anderson’s paper, Computer Security Threat Monitoring and Surveillance, bore the notion of intrusion detection. Through government funding and serious corporate interest allowed for intrusion detection systems(IDS) to develope into their current state. So what exactly is IDS? An IDS is used to detect malicious network traffic and computer usage through attack signatures. The IDS watches for attacks not only from incoming internet traffic but also for attacks that originate in the system. When a potential attack is detected the IDS logs the information and sends an alert to the console. How the alert is detected and handled at is dependent on the type of IDS in place. Through this paper we will discuss the different types of IDS and how they detect and handle the alerts, the difference between a passive and a reactive system and some general IDS intrusion invasion techniques.

First lets go over what the difference is between a passive and a reactive IDS. In a passive IDS the sensor of detects an potential threat then logs the information and sends an alert to the console. With a reactive IDS, also known as an intrusion prevention system(IPS), the threat would be detected and logged. Then the reactive IDS would either reset the connection or reprogram the firewall to block network traffic from the suspected source, which could be automatic or at the control of an operator. Therefore a reactive system will act in response to the threat were as a passive system will only log and send an alert to the console informing the operator of a threat.

There are many types of intrusion detection systems, network intrusion detection, host based, protocol based, application protocol based, anomaly based and hybrid. The first one we are going to discus is network intrusion detection systems or NIDS. With NIDS the system attempts to detect threats and attacks, such as denial of service attacks, port scans and attempts

You May Also Find These Documents Helpful

  • Powerful Essays

    References: 267. Beijtlich, R. (n.d.). The Practice of Network Security Monitoring: understanding incident detection and response. [Books24x7 Version.…

    • 4846 Words
    • 17 Pages
    Powerful Essays
  • Satisfactory Essays

    Unit 454 Lab 4 Essay

    • 457 Words
    • 2 Pages

    (1 point) 4. What property of a firewall is the primary distinguishing factor between it and an intrusion detection system (IDS)?…

    • 457 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    c) Logical IDS: Network and workstation mechanisms that monitors network traffic and provide real-time alarms for network-based attacks Service Network.…

    • 1152 Words
    • 4 Pages
    Satisfactory Essays
  • Powerful Essays

    ITNE455-1204A-01 U3GP3

    • 5030 Words
    • 21 Pages

    References: Adams, Karen, (2012). Types of Intrusion Prevention Systems. Retrieved September 6, 2012 from http://www.ehow.com/info_8039841_types-intrusion-prevention-systems.html…

    • 5030 Words
    • 21 Pages
    Powerful Essays
  • Powerful Essays

    IS3110 U5L1

    • 912 Words
    • 4 Pages

    One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.…

    • 912 Words
    • 4 Pages
    Powerful Essays
  • Better Essays

    Implementing the installation of an IDS or IPS will allow for suspicious traffic to be flagged and reported to administrators based on one of two different factors. These factors are signature based or anomaly based depending on how they are configured.…

    • 1279 Words
    • 6 Pages
    Better Essays
  • Satisfactory Essays

    The explosive growth and popularity of the Internet have resulted in thousands of structured query able information sources. Most organizations are familiar with Penetration Testing and other ethical hacking techniques as a means to understanding the current security status of their information system assets. Consequently, much of the focus of research, discussion, and practice, has traditionally been placed upon active probing and exploitation of security vulnerabilities. Since this type of active probing involves interacting with the target, it is often easily identifiable with the analysis of firewall and intrusion detection/prevention device (IDS or IPS) log files.…

    • 501 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    wk 4 lab 2

    • 403 Words
    • 1 Page

    5. IP stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.…

    • 403 Words
    • 1 Page
    Satisfactory Essays
  • Satisfactory Essays

    NT2580

    • 526 Words
    • 5 Pages

    NT2580 Introduction to Information Security Unit 2 Application of Security Countermeasures to Mitigate Malicious Attacks © ITT Educational Services, Inc. All rights reserved. Learning Objective Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure. NT2580…

    • 526 Words
    • 5 Pages
    Satisfactory Essays
  • Powerful Essays

    Army Regulation 190–51

    • 37089 Words
    • 149 Pages

    o Consolidates paragraphs 6 through 9, 11, 13, 15 through 17, and 19 of AR 190-18…

    • 37089 Words
    • 149 Pages
    Powerful Essays
  • Better Essays

    * IDS and IPS monitoring of incoming and outgoing network traffic, including anti-virus, anti-spyware and signature and anomaly-based traffic monitors.…

    • 932 Words
    • 4 Pages
    Better Essays
  • Better Essays

    Dougherty, C., Householder, A., & Houle, K. (2002). Computer attack trends challenge Internet security. Computer, 35(4), 0005-7.…

    • 1278 Words
    • 5 Pages
    Better Essays
  • Satisfactory Essays

    Data Security

    • 335 Words
    • 2 Pages

    16. The difference between a network intrusion detection system(NIDS) and a network intrusion prevention system (NIPS) is that __________.…

    • 335 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    In “What is an Inkblot? Some Say, Not Much” by Erica Goode, the author introduces the Rorschach test determining whether or not the Rorschach test is necessary. Some people argue about how the Rorschach is useful in ways to find out the problem or to find out what is wrong with the patient. Getting to the point, the story, “ Flowers of Algernon” by Daniel Keys, the author talks about a mentally disabled grown man named Charlie Gordon taking the Rorschach test to determine whether or not he is suitable for the procedure to improve his intelligence. Honestly, the Rorschach test is not appropriate to find out if Charlie is suitable for the procedure because, it is useless, it virtually gives no evidence to diagnose patients, and it is heavily…

    • 322 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    Os Security

    • 369 Words
    • 2 Pages

    Host Intrusion Detection System: A Host Intrusion Detection system is similar to Antivirus in that it looks for suspicious activity and compares against a definition file, but it also inspects network traffic that comes through the local interface. This allows the HIDS to detect an attack before it has actually put anything on your computer. HIDS also creates a host baseline, to which changes are reported to an administrator. This can result in a lot of logs if changes are made on a regular basis. This solution is both difficult to configure and maintain.…

    • 369 Words
    • 2 Pages
    Satisfactory Essays