Intrusion Detection Systems

An IDS, or Intrusion Detection System, is a security technology designed to monitor networks or computer systems for unauthorised access, security breaches, or suspicious activities.

The primary purpose of an IDS is to detect and alert on security incidents in real time or near real time, helping to safeguard the confidentiality, integrity, and availability of data and resources. Acting on the alert is left to an operator or to a separate enforcement control such as a firewall or an intrusion prevention system (IPS).

Because an IDS only needs to detect potential threats rather than block them, it is placed out of band on the network infrastructure. It is not in the communication path between the sender and receiver, so it cannot delay or drop traffic, and a failure or overload of the IDS cannot take the network down.

IDS solutions usually take advantage of a network TAP or a switch SPAN (mirror) port to analyze a copy of the inline traffic stream, so the IDS does not affect inline network performance. The two are not equivalent: a passive TAP delivers every frame, whereas a SPAN port is a best-effort copy that a busy switch will silently truncate or drop when the mirror is oversubscribed, so packets the attacker sent may never reach the sensor.

When IDS technology was first developed, the depth of analysis needed to detect an intrusion could not be performed fast enough to keep pace with the switches and routers on the direct communications path, which is a further reason the out-of-band design became the norm.

Intrusion detection systems come in two forms. A host-based IDS (HIDS) is installed on the monitored host itself, whether a server or a workstation, and inspects that host's logs, processes, and file system; a network-based IDS (NIDS) sits on the network and inspects traffic to and from many hosts at once. Both aim to surface an attacker's activity before damage is done.

An IDS works by looking for deviations from normal activity (anomaly-based detection) and for known attack patterns (signature-based detection). Suspect traffic is decoded up the stack and examined at the protocol and application layers, which lets the IDS flag events such as DNS cache poisoning attempts, malformed packets, and Christmas tree scans (TCP probes with the FIN, PSH, and URG flags all set, a combination no legitimate stack sends).
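As an added illustration (this is not code from the original page, and it is far simpler than a real IDS engine), here is a toy detector in Python that applies both approaches described above to constructed packet records: a signature table keyed on TCP flag combinations catches Christmas tree, NULL, and SYN/FIN probes, and a baseline learned from known-good traffic flags any source that touches far more destination ports than normal. The flag bit values are the real TCP header bits; the addresses, packet records, and the factor-of-three anomaly threshold are made up for the example.

```python
"""Toy IDS: signature matching plus an anomaly baseline over packet records.

Added example, not part of the original page. Packet records are constructed
inline rather than captured from a TAP or SPAN port.
"""
from collections import defaultdict
from dataclasses import dataclass

# TCP flag bits as laid out in the header's flags byte (real values).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = FIN | SYN | RST | PSH | ACK | URG


@dataclass(frozen=True)
class Packet:
    """Minimal view of a TCP segment: enough for flag and port analysis."""
    src: str
    dst: str
    dport: int
    flags: int


# Signature table: name -> (mask, value). A packet matches when the masked
# flag bits equal the value. These are the classic nmap probe shapes.
SIGNATURES = {
    "xmas_scan": (FIN | PSH | URG, FIN | PSH | URG),  # FIN+PSH+URG lit (nmap -sX)
    "null_scan": (ALL_FLAGS, 0),                       # no flags at all (nmap -sN)
    "syn_fin": (SYN | FIN, SYN | FIN),                 # contradictory, never sent by a real stack
}


def match_signatures(pkt: Packet) -> list[str]:
    """Return the names of all signatures whose (mask, value) pair the packet's flags satisfy."""
    return [name for name, (mask, value) in SIGNATURES.items() if pkt.flags & mask == value]


def _distinct_targets(packets) -> dict[str, set]:
    """Map each source address to the set of (dst, dport) pairs it contacted."""
    targets = defaultdict(set)
    for p in packets:
        targets[p.src].add((p.dst, p.dport))
    return targets


def learn_baseline(training) -> int:
    """Anomaly profile: the most distinct (dst, port) pairs any one source touched in known-good traffic."""
    targets = _distinct_targets(training)
    return max((len(s) for s in targets.values()), default=0)


def detect_anomalies(packets, baseline: int, factor: int = 3) -> dict[str, int]:
    """Flag sources whose distinct-target count exceeds factor * baseline (assumed threshold)."""
    limit = baseline * factor
    return {src: len(s) for src, s in _distinct_targets(packets).items() if len(s) > limit}


def analyze(training, live) -> dict:
    """Run signature matching and anomaly detection over the live traffic."""
    baseline = learn_baseline(training)
    signature_alerts = [(p.src, name) for p in live for name in match_signatures(p)]
    return {
        "baseline": baseline,
        "signature_alerts": signature_alerts,
        "anomalies": detect_anomalies(live, baseline),
    }


# Constructed known-good traffic used to learn the baseline (two internal hosts,
# at most two distinct targets each, so baseline == 2 and the limit is 6).
TRAINING = [
    Packet("10.0.0.5", "10.0.0.20", 443, SYN),
    Packet("10.0.0.5", "10.0.0.20", 443, ACK | PSH),
    Packet("10.0.0.6", "10.0.0.21", 22, SYN),
    Packet("10.0.0.6", "10.0.0.20", 80, SYN),
]

# Constructed live traffic: normal HTTPS, one Christmas tree probe from
# 192.0.2.9, and a SYN sweep of ten ports from 198.51.100.7.
LIVE = [
    Packet("10.0.0.5", "10.0.0.20", 443, SYN),
    Packet("10.0.0.5", "10.0.0.20", 443, ACK),
    Packet("192.0.2.9", "10.0.0.20", 80, FIN | PSH | URG),
] + [Packet("198.51.100.7", "10.0.0.20", port, SYN) for port in range(1, 11)]


def run_demo() -> dict:
    """Analyze the constructed traffic; returns the alert dictionary."""
    return analyze(TRAINING, LIVE)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two detectors fail in opposite ways, which is why real products combine them: the signature table cannot see the SYN sweep because each individual SYN is perfectly normal, and the baseline cannot see the single Christmas tree packet because one packet to one port never exceeds any volume threshold.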

An IDS can be implemented as a network security device or a software application.