Intrusion detection is the process of monitoring events happening in a computer network and examining them for signs of intrusion. An intrusion can be anything that compromises the confidentiality and safety of the network. Intrusion detection can be done in many ways.
Intrusion Detection Systems (IDS) can be used to detect malicious software or other hostile attacks originating inside or outside the network. An IDS is more sophisticated than a firewall because it applies different algorithms, or combinations of them, to detect misuse. It also analyzes data and identifies other suspicious activities within the network.
Types of IDS
In a host-based system, the IDS software runs on the server and monitors the server and some of its applications for unauthorized access and other unusual activity. The security administrator of the system is responsible for creating the host-based rules, which drive the analysis of the event logs. Any user or login activity is then analyzed by the system, which looks for unusual patterns that may indicate unauthorized attempts to access the network.
In a network-based system, the IDS software is in a local area network (LAN) server. Network data packets are filtered and analyzed in real time. They are then compared to a database of common attack patterns. These attack patterns, also called signatures, are common methods used by attackers to compromise a network.
1. The IDS can detect unusual activity from outside or within the network. It can alert administrators if someone from one department is trying to access files from another department without permission. It can also detect fake or stolen accounts that are trying to gain access to the system.
2. Internally, the IDS can detect when someone tries to bypass network security policies, whether this involves timekeeping or other activity that is prohibited during office hours or that misuses office resources.
3. The IDS also retains evidence, which makes it impossible to tamper with the data it has analyzed and stored on the network.
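The two detection models described above can be shown side by side in a small added example (written for this page, not code from any real IDS): a network-based check that compares packet payloads against a signature database, and a host-based rule that an administrator might write over login event logs. The signature patterns, threshold and sample packets and events are all constructed placeholders.

```python
import re
from collections import Counter

# Constructed signature database: a name and a byte pattern per signature,
# standing in for the attack-pattern database a NIDS consults.  These are
# illustrative placeholders, not real production signatures.
SIGNATURES = {
    "web-path-traversal": re.compile(rb"\.\./\.\./"),
    "shell-command-probe": re.compile(rb"/bin/sh"),
}

def match_network_packets(packets):
    """Network-based check: compare every packet payload against each
    signature and return (packet index, signature name) for each hit."""
    hits = []
    for idx, payload in enumerate(packets):
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                hits.append((idx, name))
    return hits

# Constructed threshold: how many failed logins for one account count as
# an unusual pattern worth alerting on.
FAILED_LOGIN_THRESHOLD = 3

def analyse_login_events(events):
    """Host-based rule: flag accounts whose failed-login count in the
    event log reaches the threshold; returns the sorted account names."""
    failures = Counter()
    for ev in events:
        if ev["result"] == "failure":
            failures[ev["user"]] += 1
    return sorted(u for u, n in failures.items() if n >= FAILED_LOGIN_THRESHOLD)

# Constructed sample inputs: three packet payloads and five login events.
SAMPLE_PACKETS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"POST /cgi-bin/run HTTP/1.1\r\n\r\ncmd=/bin/sh -c id",
]
SAMPLE_EVENTS = [
    {"user": "alice", "result": "success"},
    {"user": "bob", "result": "failure"},
    {"user": "bob", "result": "failure"},
    {"user": "bob", "result": "failure"},
    {"user": "carol", "result": "failure"},
]

if __name__ == "__main__":
    print("network hits:", match_network_packets(SAMPLE_PACKETS))
    print("host alerts:", analyse_login_events(SAMPLE_EVENTS))
```

A real IDS would load thousands of signatures and correlate events across hosts, but the two checks keep the same shape: match against known patterns, or count deviations from expected behaviour.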