Analysing Intrusion Detection System In Security


An Intrusion Detection System (IDS), shown in the figure, is either a dedicated network device or one of several tools in a server or firewall that scans data against a database of rules or attack signatures, looking for malicious traffic. If a match is detected, the IDS will log the detection, and create an alert for a network administrator.

 

The Intrusion Detection System does not take action when a match is detected, so it does not prevent attacks from happening. The job of the IDS is merely to detect, log and report.

 

 

The scanning performed by the IDS slows down the network; this delay is known as latency. To prevent network delay, an IDS is usually placed offline, separate from regular network traffic. Data is copied or mirrored by a switch and then forwarded to the IDS for offline detection. There are also IDS tools that can be installed on top of a host computer operating system, like Linux or Windows.

 


 

An Intrusion Prevention System (IPS) has the ability to block or deny traffic based on a positive rule or signature match. One of the most well-known IPS/IDS systems is Snort. The commercial version of Snort is Cisco’s Sourcefire.


Sourcefire can perform real-time traffic and port analysis, logging, and content searching and matching, and can detect probes, attacks, and port scans. It also integrates with other third-party tools for reporting, performance, and log analysis.
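The IDS and IPS behaviour described above, shown as an added Python example that is not part of the original article and is not Snort or Sourcefire code. The rule fields, signature ids, payloads and addresses are all constructed for illustration; real engines such as Snort use their own rule language.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sid: int        # constructed signature id
    msg: str        # text written to the alert log
    dst_port: int   # rule only applies to this destination port
    content: bytes  # byte pattern searched for in the payload

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed signatures for illustration, not taken from any real rule set.
RULES = [
    Rule(1000001, "path traversal to /etc/passwd", 80, b"../../etc/passwd"),
    Rule(1000002, "scanner user agent", 80, b"User-Agent: sqlmap"),
]

# Constructed traffic; source addresses are from a documentation range.
TRAFFIC = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.9", 80, b"GET /view?f=../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.9", 80, b"GET / HTTP/1.1\r\nUser-Agent: sqlmap/1.0\r\n"),
    Packet("198.51.100.7", 443, b"../../etc/passwd"),  # port 443: no rule applies
]

def match(pkt, rules):
    """Return the first rule whose port and content both match, else None."""
    for rule in rules:
        if pkt.dst_port == rule.dst_port and rule.content in pkt.payload:
            return rule
    return None

def inspect(traffic, rules, mode):
    """'ids' inspects a copy and only alerts; 'ips' sits inline and drops matches."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, delivered = [], []
    for pkt in traffic:
        rule = match(pkt, rules)
        if rule is not None:
            action = "drop" if mode == "ips" else "alert"
            alerts.append((rule.sid, rule.msg, pkt.src, action))  # log entry
        if rule is None or mode == "ids":
            delivered.append(pkt)  # an IDS never removes traffic from the wire
    return alerts, delivered
```

Calling `inspect(TRAFFIC, RULES, "ids")` delivers all four packets and logs two alerts, while `"ips"` mode logs the same two matches as drops and delivers only the two packets that matched no rule.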

 


Adeniyi Salau

Adeniyi Salau Scrum Master Certified , CCNA R&S , BeingCert and Scrum Certified Digital Marketing Professional, CEP, MOS, MCP, CSCU (Project 2016), Microsoft Certified Security and Networking Associate is a Google and Beingcert Certified Digital Marketer, Project Manager and SEO Expert of repute with about a decade of Blogging and online marketing experience. He is always ready to share his experience with others.
