So, What Are Intrusion Detection Systems?

So, what are Intrusion Detection Systems?
Intrusion Detection Systems (IDS) are becoming a very important part of any strategy for enterprise security.
But what are intrusion detection systems? CERIAS, the Center for Education and Research in Information Assurance and Security, defines it this way:
The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system.
Intrusion detection systems are kind of like burglar alarms for computers.
They sound alarms and sometimes even take corrective action when an intruder or abuser is detected.
Many different intrusion detection systems have been developed, but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection.
Anomaly detectors look for behavior that deviates from normal system use.
Misuse detectors look for behavior that matches a known attack scenario.
A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts (www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/).
There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS).
These systems monitor network packets, looking for suspicious activity.
Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.
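The two detection schemes described above, anomaly detection and misuse detection, run side by side over the same traffic, as an added example that is not part of the original article. The request lines, request counts, signature patterns and threshold are all constructed for illustration.

```python
import re
import statistics

# Constructed baseline (not from a real system): web requests per minute
# seen from one host during a period of normal use.
BASELINE_REQS_PER_MIN = [12, 15, 11, 14, 13, 16, 12, 14, 15, 13]

# Constructed observation window: (minute, request count, sample request line).
OBSERVED = [
    (1, 14, "GET /index.html HTTP/1.1"),
    (2, 13, "GET /cgi-bin/../../etc/passwd HTTP/1.1"),
    (3, 95, "GET /login HTTP/1.1"),
    (4, 12, "GET /about.html HTTP/1.1"),
]

# Misuse detection: patterns that describe known attack scenarios.
# These two signatures are illustrative, not a real rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "passwd-file-access": re.compile(r"/etc/passwd"),
}

def misuse_alerts(events):
    """Return (minute, signature name) for every request matching a signature."""
    alerts = []
    for minute, _count, line in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                alerts.append((minute, name))
    return alerts

def anomaly_alerts(events, baseline, threshold=3.0):
    """Return minutes whose request count deviates from the baseline mean
    by more than `threshold` standard deviations."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)
    return [minute for minute, count, _line in events
            if abs(count - mean) / stdev > threshold]

if __name__ == "__main__":
    print("misuse :", misuse_alerts(OBSERVED))
    print("anomaly:", anomaly_alerts(OBSERVED, BASELINE_REQS_PER_MIN))
```

On this sample the signature check flags only minute 2 (normal volume, known-bad pattern) and the baseline check flags only minute 3 (no signature, abnormal volume), so each scheme misses what the other catches.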
Who wants to break into your system?
One common misconception about software hackers is that it is usually people outside your network who break into your systems and cause mayhem.
The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches.
Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.
How do intruders break into your system?
The simplest and easiest way to break in is to let someone have physical access to a system.
Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine.
Also, if someone has an account on a system already, at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system.
Finally, there are a lot of ways to gain access to systems even if one is working remotely.
Remote intrusion techniques have become harder and more complex to fight.
How does one stop intrusions?
There are several freeware/shareware intrusion detection systems as well as commercial intrusion detection systems.
Open Source Intrusion Detection Systems
Below are a few of the open source intrusion detection systems:
AIDE (sourceforge.net/projects/aide) - Self-described as: "AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire.
It does the same things as the semi-free Tripwire and more.
There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire.
And I wanted a program that would exceed the limitations of Tripwire."
File System Saint (sourceforge.net/projects/fss) - Self-described as: "File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use."
Snort (www.snort.org) - Self-described as: "Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods.
With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry."
Commercial Intrusion Detection Systems
If you are looking for commercial intrusion detection systems, here are a few of these as well:
Tripwire
www.tripwire.com
Touch Technology Inc (POLYCENTER Security Intrusion Detector)
www.ttinet.com
Internet Security Systems (Real Secure Server Sensor)
www.iss.net
eEye Digital Security (SecureIIS Web Server Protection)
www.eeye.com



