Intrusion Detection Systems (IDS) have become a vital component of the security toolbox.
This report provides an overview of IDS, their types, the detection techniques they employ, and several popular IDS tools in wide use. It also gives an overview of the Snort IDS tool, followed by a short demo showing Snort catching an intrusion based on the configured rules. The intent of this presentation and report is to make the audience aware of the importance of IDS and to familiarize them with the use of Snort.
Introduction
An Intrusion Detection System is any hardware, software, or combination of both that monitors a system or network of systems for malicious activity. It is mainly used for detecting break-ins or misuse of the network. In short, an IDS is the ‘burglar alarm’ for the network: much like a burglar alarm, it detects the presence of an attack in the network and raises an alert. An IDS provides three functions: monitoring, detecting, and generating an alert.
IDS are often regarded as a function of the firewall, but there is a thin line of difference between them. A firewall should be thought of as a fence that controls the flow of information and prevents intrusions, whereas an IDS detects whether the network is under attack or whether the security enforced by the firewall has been breached. Together, a firewall and an IDS enhance the security of the network.
An Intrusion Detection System uses a security policy (a set of rules) to detect unusual activity. These rules are defined by the administrator based on the needs of the organization. Any activity that violates the security policy is treated as a security threat and reported to the administrator via email, pager, or SNMP trap. These policies must be updated regularly to keep pace with evolving threats and organizational needs.
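To make the rule-based detection described above concrete, here is an added example (not code from the report or from the Snort project) that parses a deliberately simplified subset of Snort's rule syntax and evaluates it over constructed sample packets; the `Packet` record, the grammar subset, and the sample traffic are all assumptions of the example.

```python
import re
from dataclasses import dataclass
# Constructed packet record: just the fields a rule in this example can match on.
@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

# Simplified subset of Snort rule grammar (assumption, not the full Snort syntax):
#   alert <proto> <src> <sport> -> <dst> <dport> (msg:"..."; content:"...";)
RULE_RE = re.compile(
    r'alert\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)')
OPT_RE = re.compile(r'(\w+):"([^"]*)";')

def parse_rule(text):
    """Parse one rule line into a dict; raises ValueError on bad syntax."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    proto, src, sport, dst, dport, opts = m.groups()
    options = dict(OPT_RE.findall(opts))
    # A missing content option becomes b"", which matches any payload.
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "msg": options.get("msg", ""), "content": options.get("content", "").encode()}

def field_matches(pattern, value):
    """'any' is a wildcard; otherwise an exact string compare (no CIDR or port ranges)."""
    return pattern == "any" or pattern == str(value)

def match(rule, pkt):
    """True when the header fields and the content option all match the packet."""
    return (rule["proto"] == pkt.proto and field_matches(rule["src"], pkt.src)
            and field_matches(rule["sport"], pkt.sport) and field_matches(rule["dst"], pkt.dst)
            and field_matches(rule["dport"], pkt.dport) and rule["content"] in pkt.payload)

def run(rules, packets):
    """Evaluate every rule against every packet; return the alert messages raised."""
    return [r["msg"] for p in packets for r in rules if match(r, p)]
RULES = [parse_rule(r) for r in [
    'alert tcp any any -> 10.0.0.5 80 (msg:"WEB-IIS cmd.exe access"; content:"cmd.exe";)',
    'alert icmp any any -> any any (msg:"ICMP echo seen";)']]
PACKETS = [  # constructed sample traffic, not real captures
    Packet("tcp", "192.168.1.9", 50213, "10.0.0.5", 80, b"GET /scripts/cmd.exe HTTP/1.0"),
    Packet("tcp", "192.168.1.9", 50214, "10.0.0.5", 80, b"GET /index.html HTTP/1.0"),
    Packet("icmp", "192.168.1.7", 0, "10.0.0.5", 0, b"\x08\x00")]
```

Running `run(RULES, PACKETS)` raises two alerts (the first and third packets); the second packet matches no rule, which is exactly the gap a signature-based IDS has against traffic nobody has written a rule for.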