Wednesday, March 4, 2020

Intrusion Detection and Prevention System

An Intrusion Detection System (IDS) is an automated security and defense system that detects hostile activity on a network or on a single computer (a host or node). Beyond detection, an IDS may attempt to stop the malicious activity itself, or it may report it to the administrator responsible for the environment. It is a second-line defense mechanism: its mechanisms come into play only once there is evidence of an intrusion or attack. The first line of defense is whatever limits or prevents access to the environment in the first place, for example a firewall. The IDS can respond to some types of attack by working together with that first line, for instance by adding rules to the firewall or terminating the session in question. It can also report the malicious activity it finds to other nodes on the network.

What is IDS and how it works

According to the concepts described in one of the basic articles on IDS (see references at the end), intrusion detection can be defined as the process of monitoring the events that occur in a computer system or network and analyzing them for possible incidents: violations, or imminent threats of violation, of the environment's security rules. Incidents can have several causes, from malware activity (worms, spyware, etc.) to attacks aimed at gaining unauthorized access to the environment in question.

Using an IDS as a prevention system can involve anything from alerting the network administrator and triggering a preventive examination, to blocking a suspicious connection outright. In other words, the intrusion detection process aims to identify, and respond to, suspicious activity that may compromise confidentiality, integrity, or availability before it does damage. IDS tools are also able to distinguish whether an attack originated inside or outside the network in question. On a host, an IDS typically scans local log files for traces of unsuccessful attempts to connect to the machine; on the network, it inspects the layers of the TCP/IP stack below the application layer, for example looking for anomalies in IP protocol header fields.
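To make the two ideas above concrete, the following is an added example (it is not code from the original post) of the host-side detection described here: it scans log lines for failed connection attempts, classifies the source as inside or outside the network, raises an alert when one source exceeds a threshold of failures inside a time window, and renders the firewall rule that the earlier paragraph describes as a possible response. The log lines are constructed in OpenSSH/syslog style for illustration, the internal address ranges are assumed to be the RFC 1918 private networks, and the iptables rule is one illustrative response format, not the only one.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not a real capture): one external source hammers
# root, one internal user mistypes a password twice, one external source fails once.
SAMPLE_LOG = """\
Mar  4 10:00:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  4 10:00:03 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  4 10:00:04 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  4 10:00:06 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar  4 10:00:09 host1 sshd[2209]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  4 10:00:10 host1 sshd[2211]: Accepted publickey for alice from 192.168.1.20 port 40000 ssh2
Mar  4 10:00:12 host1 sshd[2213]: Failed password for bob from 192.168.1.31 port 40102 ssh2
Mar  4 10:00:30 host1 sshd[2215]: Failed password for bob from 192.168.1.31 port 40104 ssh2
Mar  4 10:05:00 host1 sshd[2217]: Failed password for root from 198.51.100.9 port 33001 ssh2
"""

# Matches the OpenSSH "Failed password" message; successful logins do not match.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumption: the protected network uses the RFC 1918 private ranges.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def origin(ip):
    """Classify a source address as inside or outside the protected network."""
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def parse_failed_logins(text, year=2020):
    """Return (timestamp, source_ip, user) for every failed login line.

    Syslog timestamps carry no year, so the caller supplies one."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts_text = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Sliding window per source IP: alert once `threshold` failures fall
    within `window_seconds`. Returns {ip: alert details}."""
    by_ip = defaultdict(list)
    for ts, ip, _user in sorted(events):
        by_ip[ip].append(ts)
    alerts = {}
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):
            # Drop failures that fell out of the window relative to times[end].
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[ip] = {
                    "count": count,
                    "origin": origin(ip),
                    "first": times[start],
                    "last": times[end],
                }
                break  # one alert per source is enough to act on
    return alerts


def firewall_rules(alerts, port=22):
    """Render one block rule per alerted source (iptables syntax as the example
    response; the IDS would hand this to the first line of defense)."""
    return [
        f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
        for ip in sorted(alerts)
    ]


if __name__ == "__main__":
    found = detect_bruteforce(parse_failed_logins(SAMPLE_LOG))
    for ip, info in found.items():
        print(f"ALERT {ip} ({info['origin']}): {info['count']} failures "
              f"between {info['first']:%H:%M:%S} and {info['last']:%H:%M:%S}")
    for rule in firewall_rules(found):
        print(rule)
```

With the default threshold of five failures in sixty seconds, only 203.0.113.7 is flagged; the two failures from 192.168.1.31 stay below the threshold, which is the point of using a window rather than a raw count, since a legitimate internal user mistyping a password should not trigger a block. Lowering the threshold to two would flag the internal host as well, and the `origin` field lets the responder treat the two cases differently.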
