An eye-opener to Intrusion Detection Systems
Intrusion Detection Systems, what are they? They are an
integral part of any enterprise security strategy. The
Center for Education and Research in Information
Assurance and Security, CERIAS, has given a clear and
beautiful definition of Intrusion Detection Systems
(IDS), which we can see in detail in the coming
paragraph.
Purpose of an Intrusion Detection System:
What is the main purpose of using an intrusion detection
system? Do you wish to detect any unauthorized access to
your system? Then simply use an intrusion detection
system. Yes, this is the main objective of an intrusion
detection system.
How an IDS works:
When they find that there is an intrusion, they sound
alarms. Many times, they even take corrective measures
all by themselves. Even though there are different kinds
of intrusion detection systems, they are broadly
classified as anomaly detection or misuse detection. An
anomaly detector tries to find any behavior that is not
normal, meaning any deviation. A misuse detector finds
behavior that matches a known attack scenario. Go
through the website provided here to get a list of
discussions related to intrusion detection systems. You
may visit the website at the following URL:
http://www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/
Intrusion Detection Systems can also be used on a
network, where they are termed Network Intrusion
Detection Systems (NIDS). As the name suggests, a
Network Intrusion Detection System helps in monitoring
not just one computer but a group of computers in a
network for suspicious activities.
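The anomaly/misuse distinction described above, as an added example (not code from this article or from any product it names): a misuse detector and an anomaly detector run over the same constructed hour of requests, showing that each catches an event the other misses. The signatures, baseline figures, user names, request paths and the 3-standard-deviation threshold are all assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import mean, stdev

# Misuse detection: constructed signatures of known attack patterns.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-keyword": re.compile(r"(?i)union\s+select"),
}

# Anomaly detection: constructed baseline of requests per hour in normal use.
BASELINE = {
    "alice": [12, 15, 11, 14, 13, 12],
    "bob": [40, 38, 45, 42, 39, 41],
}

def sample_events():
    """Constructed one-hour window of (user, request) events."""
    events = [("alice", "/reports/q%d" % i) for i in range(13)]
    events.append(("alice", "/files?name=../../secret.txt"))  # known pattern, normal volume
    events += [("bob", "/export/customer/%d" % i) for i in range(400)]  # no signature, odd volume
    return events

def misuse_detect(events):
    """Flag events whose request matches a known attack signature."""
    return [(user, name) for user, req in events
            for name, rx in SIGNATURES.items()
            if rx.search(req)]

def anomaly_detect(events, baseline=BASELINE, threshold=3.0):
    """Flag users whose request count deviates from their own baseline."""
    counts = Counter(user for user, _ in events)
    alerts = []
    for user, n in counts.items():
        hist = baseline.get(user)
        if not hist or len(hist) < 2:
            alerts.append((user, n, None))  # no baseline at all is itself a deviation
            continue
        sigma = stdev(hist) or 1.0  # flat baseline: avoid dividing by zero
        z = (n - mean(hist)) / sigma
        if abs(z) > threshold:
            alerts.append((user, n, round(z, 1)))
    return alerts

if __name__ == "__main__":
    ev = sample_events()
    print("misuse alerts: ", misuse_detect(ev))
    print("anomaly alerts:", anomaly_detect(ev))
```

The misuse detector reports only alice's traversal request, and the anomaly detector reports only bob's 400-request burst, which matches no signature.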
Intruder taking charge of your personal information:
Are you of the opinion that systems in your network
will be hacked only by outsiders? Then you are
absolutely incorrect. In the corporate world, insiders
themselves can cause pandemonium and havoc in the
network. What they do is try to masquerade as people who
have more privileges and thereby break into the systems
to get hold of confidential data.
How do you think an intruder breaks into your system?
It’s very simple. Once they gain physical access to your
system, alas…your system is hacked. Similarly, if a
person has an account on a system and the permission
level is low, then it is definitely easy to break into
the system. There are various methods through which
higher-level privileges can be given. You might think
that to gain physical access to a system, the person
should be sitting in front of the system. Nah…not
required. One can gain physical access to a system even
remotely. Such remote intrusion techniques are now
gaining popularity and are harder to fight.
Stopping intrusions:
Both freeware/shareware and commercial intrusion
detection systems are now available, which can be used
to stop intrusions. Some of the open source intrusion
detection systems are listed below:
AIDE (Advanced Intrusion Detection Environment) is a
free replacement for Tripwire. It is very similar to the
semi-free Tripwire. You can download it by visiting the
website at: http://sourceforge.net/projects/aide
File System Saint is a lightweight host-based intrusion
detection system. It is easy to use. Visit
http://sourceforge.net/projects/fss to download File
System Saint.
There are open and closed source network intrusion
prevention systems. Snort helps to prevent and detect
intrusions in a network. It combines the benefits of
signature, protocol and anomaly based inspection
methods. You can download Snort from www.snort.org.
A few commercial intrusion detection systems include:
Tripwire
http://www.tripwire.com
Touch Technology Inc (POLYCENTER Security Intrusion Detector)
http://www.ttinet.com
Internet Security Systems (Real Secure Server Sensor)
http://www.iss.net
eEye Digital Security (SecureIIS Web Server Protection)
http://www.eeye.com