Tuesday, March 3, 2020

WHAT IS AN INTRUSION DETECTION AND PREVENTION SYSTEM (IDS)

An intrusion detection and prevention system is essential for helping security professionals detect and respond to attacks and anomalies. It also lets them study the origin and structure of cyber attacks in order to build better tools and processes for counteracting future attacks.

So what is an intrusion detection and prevention system?

It is one of the tools used to protect information management infrastructures. Denning (1987) defines these systems clearly as "the elements that detect, identify and respond to unauthorized or abnormal activities."

Intrusion detection systems (IDS) appeared first. They are responsible for monitoring and detecting suspicious behavior and events, on both hosts and networks, in real time. These systems later evolved into intrusion prevention systems (IPS), which take a prevention and rapid-response approach to the suspicious events that occur, and whose analysis is often more complex. Today, IDS and IPS are still found separately or in combination (IDS/IPS), depending on the implementation required.

These systems can be implemented both on a network and on a particular host.

When deployed on a host, they monitor all traffic directed to that specific computer and any unusual behavior that occurs in the system. When deployed on the network, they monitor all network traffic while remaining hidden from attackers, and execute predefined actions in response to attacks. There are also other categories of these systems, such as wireless IDS/IPS, deployed in wireless environments, and virtual IDS/IPS, deployed in virtual environments. IDS/IPS operate in one of two ways: by detecting events that match those recorded in previously defined rule files, or by looking for unusual behavior patterns against a baseline learned from what is considered normal activity on the network or host. In the second case, an activity that is not normally performed, or a user who usually connects during the day suddenly connecting at dawn, is treated as unusual or suspicious behavior.
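As an added illustration of the two detection approaches just described (matching events against predefined rules, and flagging deviations from a baseline learned from normal activity, such as the day-time user who suddenly logs in at dawn), here is a small Python example that is not from the original post. The log format, the sample log lines, the rule set and the user names are all constructed for the example and do not come from any real system.

```python
import re
from datetime import datetime

# Constructed log lines ("timestamp user action source [detail]"), not from any real system.
TRAINING_LOG = [  # day 1, assumed to be normal activity
    "2020-03-02T09:15:00 alice login 10.0.0.5",
    "2020-03-02T10:40:00 alice login 10.0.0.5",
    "2020-03-02T11:30:00 bob login 10.0.0.7",
]
NEW_LOG = [  # day 2, the activity being monitored
    "2020-03-03T09:30:00 alice login 10.0.0.5",
    "2020-03-03T04:12:00 alice login 10.0.0.5",  # the text's "connects at dawn" case
    "2020-03-03T11:00:00 bob login 10.0.0.7",
    "2020-03-03T11:05:00 bob request 10.0.0.7 GET /../../etc/passwd",  # hits a rule
    "2020-03-03T12:00:00 mallory login 10.0.0.9",  # user with no learned baseline
]
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>\S+) (?P<src>\S+)(?: (?P<detail>.*))?$")

# Rule-based (signature) detection: a hypothetical rule set, each rule a regex over the line.
SIGNATURE_RULES = {
    "path-traversal": re.compile(r"\.\./"),
}

def signature_alerts(lines):
    """Misuse detection: every (rule name, line) pair where a predefined rule matches."""
    return [(name, line) for line in lines
            for name, rx in SIGNATURE_RULES.items() if rx.search(line)]

def logins(lines):
    """Yield (user, hour of day, timestamp) for each well-formed login line; skip the rest."""
    for m in filter(None, map(LINE_RE.match, lines)):
        if m["action"] == "login":
            yield m["user"], datetime.fromisoformat(m["ts"]).hour, m["ts"]

def learn_login_hours(lines):
    """Anomaly baseline: the hours of day at which each user was seen logging in."""
    hours = {}
    for user, hour, _ in logins(lines):
        hours.setdefault(user, set()).add(hour)
    return hours

def anomaly_alerts(lines, profile, tolerance=2):
    """Logins whose hour is more than `tolerance` hours (on the 24-hour clock) from every
    baseline hour of that user; a user with no baseline at all is always reported."""
    alerts = []
    for user, hour, ts in logins(lines):
        if not any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance
                   for h in profile.get(user, ())):
            alerts.append((user, ts))
    return alerts
```

Training on day 1 and scanning day 2 reports alice's 04:12 login and the never-seen user mallory as anomalies, while the rule set independently flags the traversal request; the `tolerance` parameter is the knob that trades missed detections against false alarms.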
