Network intrusion detection is still at an early stage of development. The constant growth of malware, new vulnerabilities and DoS attacks has made network intrusion detection and intrusion prevention systems a necessity. Antivirus and vulnerability scanners typically get their updates only after a few systems have been compromised and a few security-conscious individuals have discovered the breaches; intrusion prevention, likewise, is effective only against known methods of attack. Firewalls and other boundary devices cannot identify attack signatures in the traffic they pass, hence the need for an IDS, although newer boundary devices are now being produced with IDS built in. Intrusion detection systems are more like antivirus
What is an intrusion detection system?
An intrusion detection system is a system that contains tools to read, interpret and classify traffic as coming from a benign or a malicious source. For example, intrusion detection using Snort with WinPcap became popular on Windows NT systems. If the system identifies an attacker trying to gain access to some service or part of your system, and has the means to stop the intruder and does so, it is an intrusion prevention system as well. Intrusion detection and prevention systems thus block unauthorized use of a network or of a system on the network; their purpose is to detect and prevent any compromise of network security. These intrusions usually start with a port scan. If your ports are open and the services behind them are not secured, you are in big trouble and may become a target for Trojans and malware. Most firewalls are now built with port-scan detection.
How does the intrusion detection system work?
Intrusion detection software reads and interprets the log files of routers, firewalls, servers and other devices on the network (a network IDS such as Snort also inspects the packets themselves). It then compares any suspicious activity against a database of attack signatures, known malware activity patterns and a baseline of normal traffic.
Once an activity pattern comes close enough to an attack signature, the IDS starts an automatic set of actions such as:
- Issuing alarms and alerts
- Shutting down internet links
- Shutting down a server in case of a DoS or DDoS
- Tracing the attack back to the attacker's IP addresses
- In more advanced setups, collecting evidence of the attack pattern for later analysis
The drastic responses in this list (cutting links, shutting down servers, blocking addresses) should be used with care: an attacker who knows the IDS reacts that way can send spoofed traffic that matches a signature and turn the response itself into a denial of service, so thresholds and block lists need to be tuned and reviewed.
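To make the mechanism concrete, here is a small signature-based detector of the kind described above, run over constructed firewall log lines. It is an added example written for this article, not code from the page or from Snort: the iptables-style log lines, the addresses, the two signatures and the port-scan rule (one source touching 10 or more distinct ports on one host within 10 seconds) are all assumptions chosen for illustration. It also covers the port-scan case mentioned earlier: one rule matches single log lines against a signature list, a second stateful rule counts distinct destination ports per source, and the response step maps alerts to the actions in the list while deliberately limiting blocking to the offending source.

```python
import re
from collections import defaultdict
from datetime import datetime


# Constructed iptables-style log lines (not real traffic). 203.0.113.5 probes
# 12 ports on 192.0.2.10 within three seconds (a port scan), 198.51.100.7 makes
# a single telnet connection (signature hit), 192.0.2.20 makes an ordinary
# HTTPS connection that should not alert.
def _line(sec, src, dst, dpt, spt):
    return (f"Jan 12 10:15:{sec:02d} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} "
            f"LEN=60 TTL=54 ID=0 DF PROTO=TCP SPT={spt} DPT={dpt} SYN URGP=0")


SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    [_line(1, "192.0.2.20", "192.0.2.10", 443, 51000)]
    + [_line(2 + i // 4, "203.0.113.5", "192.0.2.10", p, 41000 + i)
       for i, p in enumerate(SCAN_PORTS)]
    + [_line(9, "198.51.100.7", "192.0.2.10", 23, 52000)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)(?P<rest>.*)$")

# Hypothetical signature database: (name, severity, predicate over one event).
SIGNATURES = [
    ("telnet-connect", "medium",
     lambda e: e["proto"] == "TCP" and e["dpt"] == 23 and e["syn"]),
    ("smb-from-outside", "high",
     lambda e: e["dpt"] == 445 and not e["src"].startswith("192.0.2.")),
]


def parse_line(line):
    """Turn one firewall log line into an event dict; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),  # syslog has no year
            "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "spt": int(m["spt"]), "dpt": int(m["dpt"]),
            "syn": " SYN" in m["rest"], "raw": line}


def match_signatures(events):
    """Stateless rule: every event is compared against every signature."""
    return [{"rule": name, "severity": sev, "src": e["src"], "dst": e["dst"],
             "ports": [e["dpt"]], "evidence": [e["raw"]]}
            for e in events for name, sev, pred in SIGNATURES if pred(e)]


def detect_port_scans(events, threshold=10, window_seconds=10):
    """Stateful rule: one source hitting >= threshold distinct ports on one
    destination inside the time window. One alert per (src, dst) pair."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for start in range(len(evs)):
            ports = set()
            for e in evs[start:]:
                if (e["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                    break
                ports.add(e["dpt"])
            if len(ports) >= threshold:
                alerts.append({"rule": "port-scan", "severity": "high", "src": src,
                               "dst": dst, "ports": sorted(ports),
                               "evidence": [e["raw"] for e in evs]})
                break
    return alerts


def respond(alerts):
    """Map alerts to response actions. Blocking is limited to the offending
    source; nothing here drops links or servers, since an attacker who can
    trigger that response gets a denial of service for free."""
    actions = []
    for a in alerts:
        for act in [("alert", a["rule"], a["src"]),
                    ("preserve-evidence", a["rule"], len(a["evidence"]))]:
            actions.append(act)
        if a["severity"] == "high" and ("block-src", a["src"], a["dst"]) not in actions:
            actions.append(("block-src", a["src"], a["dst"]))
    return actions


def run_ids(lines):
    events = [e for e in (parse_line(l) for l in lines) if e]
    alerts = match_signatures(events) + detect_port_scans(events)
    return alerts, respond(alerts)


if __name__ == "__main__":
    for a in run_ids(SAMPLE_LOG)[0]:
        print(a["severity"], a["rule"], a["src"], "->", a["dst"], a["ports"])
```

On the sample input the scanner triggers both kinds of rule (the telnet and SMB signatures on individual lines, plus the port-scan rule over the whole burst), the single telnet connection triggers only the signature, and the HTTPS connection stays silent. The port-scan rule is the part a real deployment has to tune: a threshold of 10 ports in 10 seconds is low enough that some legitimate scanners and monitoring tools would trip it, which is exactly why the response step stops at blocking one source address rather than taking a link down.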
by: http://kedirizone.blogspot.com