Intrusion Detection System (IDS)
Monitors network traffic for suspicious activity and alerts the system or network administrator. An IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or IP address.
Types of IDS
There are network based (NIDS) and host based (HIDS) intrusion detection systems.
- NIDS
Are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network.
- HIDS
Are run on individual hosts or devices on the network. A HIDS monitors the inbound and outbound packets of that device only and alerts the user or administrator of suspicious activity.
Signature Based
Monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats.
Anomaly Based
Monitors network traffic and compares it against an established baseline. The baseline identifies what is "normal" for that network. Alerts the administrator or user when a threat occurs.
Passive IDS
Detects and alerts. When suspicious or malicious traffic is detected an alert is generated and sent to the administrator or user.
Reactive IDS
Not only detects suspicious or malicious traffic and alerts the administrator, but also takes pre-defined proactive actions to respond to the threat.
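As an added illustration of the signature based, anomaly based and reactive behaviours described above (example code, not part of the original notes), the following runs both detection styles over a constructed set of traffic records and derives a reactive block list from the alerts. The signature database, the baseline counts and the traffic itself are all constructed here and are not from any real capture or rule set.

```python
import statistics
from collections import Counter

# Constructed sample traffic records: (src_ip, dst_port, payload). Not a real capture.
TRAFFIC = [
    ("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    ("10.0.0.5", 80, b"GET /about.html HTTP/1.1"),
    ("10.0.0.7", 443, b"\x16\x03\x01"),
    ("10.0.0.9", 80, b"GET /login.php?id=1' OR '1'='1 HTTP/1.1"),
] + [("10.0.0.22", port, b"SYN") for port in range(20, 40)]  # one host probing 20 ports

# Hypothetical signature database: (name, byte pattern), like a content match in a rule.
SIGNATURES = [
    ("sqli-tautology", b"' OR '1'='1"),
    ("path-traversal", b"../../"),
]

# Constructed baseline: per-host packet counts observed during "normal" operation.
BASELINE_PER_HOST = (2, 3, 1, 2, 2)


def signature_alerts(records):
    """Signature based: flag any packet whose payload contains a known malicious pattern."""
    return [(src, name)
            for src, _port, payload in records
            for name, pattern in SIGNATURES
            if pattern in payload]


def anomaly_alerts(records, baseline=BASELINE_PER_HOST, threshold=3.0):
    """Anomaly based: flag a source whose packet count deviates from the baseline
    by more than `threshold` standard deviations (a simple z-score test)."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # avoid division by zero on a flat baseline
    counts = Counter(src for src, _port, _payload in records)
    return [(src, "traffic-volume")
            for src, n in counts.items()
            if (n - mean) / stdev > threshold]


def reactive_blocklist(records):
    """Reactive IDS: a passive IDS would stop at the alerts; a reactive one turns them
    into a pre-defined action, here a set of source addresses to block."""
    alerts = signature_alerts(records) + anomaly_alerts(records)
    return {src for src, _reason in alerts}


if __name__ == "__main__":
    print("signature:", signature_alerts(TRAFFIC))
    print("anomaly:  ", anomaly_alerts(TRAFFIC))
    print("block:    ", sorted(reactive_blocklist(TRAFFIC)))
```

Note that the SQL-injection attempt is caught only by the signature matcher (one packet is not anomalous by volume) and the port probe only by the anomaly detector (its payload matches no signature), which is why real deployments combine both approaches.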
Snort
One of the most well-known and widely used intrusion detection systems. It is available for a number of platforms and operating systems, including both Linux and Windows. Snort has a large and loyal following, and there are many resources available on the Internet where you can acquire signatures to implement in order to detect the latest threats.