IDS
Intrusion Detection System
An IDS improves cybersecurity by recognizing a hacker or malicious software on a network so the organization can remove it promptly to prevent a breach, incident or other problems, and use the data logged about the event to better defend against similar intrusion incidents in the future.
Investing in an IDS that enables you to respond to attacks speedily can be far less costly than rectifying the damage from an attack and dealing with the subsequent legal issues.
From time to time, attackers will manage to compromise other security measures, such as cryptography, firewalls and so on. It is crucial that information about these compromises flows immediately to administrators, which can be easily accomplished using an intrusion detection system.
Deploying an IDS can also help administrators proactively identify vulnerabilities or exploits that a potential attacker could take advantage of. IDSs can be grouped into the following categories:
• Network intrusion detection system (NIDS)
• Host-based intrusion detection system (HIDS)
• Perimeter Intrusion Detection System (PIDS)
• VM based Intrusion Detection System (VMIDS)
Host-based intrusion detection systems
Host-based IDSs are designed to monitor, detect and respond to activity and attacks on a given host. In most cases, attackers target specific systems on corporate networks that have confidential information. They will often try to install scanning programs and exploit other vulnerabilities that can record user activity on a particular host. Some host-based IDS tools provide policy management, statistical analytics and data forensics at the host level.
Host-based IDSs are best used when an intruder tries to access particular files or other services that reside on the host computer. Because attackers mainly focus on operating system vulnerabilities to break into hosts, in most cases the host-based IDS is integrated into the operating system that the host is running.
Network-based intrusion detection systems
Network-based IDSs capture network traffic to detect intruders. Most often, these systems work as packet sniffers that read through incoming traffic and use specific metrics to assess whether a network has been compromised. Various internet and other proprietary protocols that handle messages between external and internal networks, such as TCP/IP, NetBEUI and XNS, are vulnerable to attack and require additional ways to detect malicious events. Frequently, intrusion detection systems have difficulty working with encrypted information and traffic from virtual private networks. Speeds over 1 Gbps are also a constraining factor, although modern and costly network-based IDSs are capable of working at these speeds.
Cooperative agents are one of the most important components of a distributed intrusion detection architecture. An agent is an autonomous or semi-autonomous piece of software that runs in the background and performs useful tasks for another. Relative to IDSs, an agent is generally a piece of software that senses intrusions locally and reports attack information to central analysis servers. The cooperative agents can form a network amongst themselves for data transmission and processing. The use of multiple agents across a network allows a broader view of the network than might be possible with a single IDS or centralized IDSs.
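The broader view that cooperating agents give can be shown with a small added example (not code from the original post): each agent sees only connections to its own host, while the central analysis server merges every agent's reports. The thresholds, the 60-second window, the event fields and the sample reports are all constructed assumptions for illustration.

```python
from collections import defaultdict

WINDOW = 60            # seconds; assumed correlation window
LOCAL_THRESHOLD = 5    # distinct ports per source that one agent treats as a scan
GLOBAL_THRESHOLD = 10  # distinct (host, port) pairs per source at the central server


def _sliding_max(events, key):
    """Per source, the largest number of distinct key(event) values in any WINDOW."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    best = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start, best[src] = 0, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1  # drop reports that fell out of the window
            distinct = {key(e) for e in evs[start:end + 1]}
            best[src] = max(best[src], len(distinct))
    return best


def agent_alerts(events, host):
    """What a single agent sees: only connections to its own host."""
    local = [e for e in events if e["host"] == host]
    counts = _sliding_max(local, key=lambda e: e["port"])
    return sorted(s for s, n in counts.items() if n >= LOCAL_THRESHOLD)


def central_alerts(events):
    """What the central analysis server sees: reports merged from every agent."""
    counts = _sliding_max(events, key=lambda e: (e["host"], e["port"]))
    return sorted(s for s, n in counts.items() if n >= GLOBAL_THRESHOLD)


# Constructed sample reports: 203.0.113.7 touches 3 ports on each of 4 hosts,
# while 198.51.100.20 makes ordinary repeat connections to one web server.
HOSTS = ["web1", "web2", "db1", "mail1"]
SAMPLE = [{"host": h, "src": "203.0.113.7", "port": p, "ts": 10 * i + j}
          for i, h in enumerate(HOSTS) for j, p in enumerate((22, 80, 443))]
SAMPLE += [{"host": "web1", "src": "198.51.100.20", "port": 443, "ts": t}
           for t in range(0, 60, 5)]

if __name__ == "__main__":
    for h in HOSTS:
        print(h, "local alerts:", agent_alerts(SAMPLE, h))
    print("central alerts:", central_alerts(SAMPLE))
```

No single agent reaches its local threshold, but the merged reports cross the central one, so only the central server flags the source.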
Perimeter intrusion detection system
A perimeter intrusion detection system is a device or sensor that detects the presence of an intruder attempting to breach the physical perimeter of a property, building, or other secured area. A PIDS is typically deployed as part of an overall security system and is often found in high-security environments such as airports, military bases, power plants and nuclear plants.
-DR