A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Intrusion Detection System

A piece of software or hardware that recognizes attacks against computers and networks and responds with alarms and countermeasures

An intrusion detection system (IDS) is a system that inspects all the incoming and outgoing traffic in a network. It tries to identify suspicious patterns of activity that suggest that an attack against the network is occurring.

An IDS watches for malicious activity in outgoing traffic as well as incoming traffic, because benign-looking incoming traffic can compromise a host that then launches attacks from inside the network. In that case the IDS can only evaluate the suspected intrusion after it has occurred and raise an alarm, unlike a firewall, which looks for intrusions only in the incoming traffic and seeks to prevent them there.

An IDS is made up of sensors, a console and a central engine. The sensors watch for suspicious activity, the console monitors the system and sends alerts, and the central engine records inappropriate, incorrect or anomalous activity and uses those records to generate the alerts.

An IDS can be network-based, meaning that it monitors network traffic at multiple points in the network, or host-based, meaning that it monitors activities of a specific system (or host) in the network and protects system files and control mechanisms. An IDS can be software-based, hardware-based or a combination of the two.
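The following is an added illustration, not code from Carnegie Mellon's resource, of the sensor / engine / console split described above in a toy network-based IDS. It applies two kinds of rule to constructed traffic records: a signature match on a placeholder byte pattern (not a real attack signature), checked on both inbound and outbound connections, and an anomaly rule that flags one source contacting many distinct ports in a short window. The record fields, thresholds and sample addresses are all assumptions made for the example.

```python
"""Toy intrusion detection engine (added example, not the resource's own code).

Models the three parts named in the glossary entry: sensors that observe
traffic records, a central engine that applies detection rules, and a
console that collects the resulting alerts.  All traffic and rule values
below are constructed for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Record:
    """One observed connection, as a sensor would report it (constructed fields)."""
    ts: float         # time in seconds
    src: str
    dst: str
    dport: int
    direction: str    # "in" (from outside the network) or "out" (from inside)
    payload: bytes


@dataclass
class Alert:
    rule: str
    record: Record


# Signature rules: byte patterns the engine treats as known-bad.
# The pattern here is a placeholder, not a real attack signature.
SIGNATURES = {
    "known-bad-pattern-1": b"EXAMPLE_BAD_STRING",
}


class Engine:
    """Central engine: holds rules and per-source state, emits alerts to the console."""

    def __init__(self, scan_threshold=10, window=5.0):
        self.scan_threshold = scan_threshold   # distinct ports per window that count as scanning
        self.window = window                   # seconds of history kept per source
        self.history = defaultdict(list)       # src -> [(ts, dport), ...]
        self.alerts = []                       # the console's view of what the engine raised

    def inspect(self, rec):
        """Apply every rule to one record; returns the alerts raised for it."""
        new = []
        # 1. Signature check on both directions: the entry notes that an
        #    already-compromised host may launch attacks from within.
        for name, pattern in SIGNATURES.items():
            if pattern in rec.payload:
                new.append(Alert(name, rec))
        # 2. Anomaly check: many distinct destination ports from one source
        #    inside the window is treated as scanning behaviour.
        hist = [(t, p) for t, p in self.history[rec.src] if rec.ts - t <= self.window]
        hist.append((rec.ts, rec.dport))
        if len({p for _, p in hist}) >= self.scan_threshold:
            new.append(Alert("port-scan-anomaly", rec))
            hist = []   # reset so one scan produces one alert, not one per packet
        self.history[rec.src] = hist
        self.alerts.extend(new)
        return new


def run_demo():
    """Feed constructed traffic through the engine; returns (rule, src, direction) per alert."""
    engine = Engine()
    traffic = []
    # Ordinary inbound HTTPS connections from one client: no alert expected.
    for i in range(3):
        traffic.append(Record(1.0 + i, "203.0.113.5", "10.0.0.2", 443, "in", b"GET / HTTP/1.1"))
    # Outbound connection from an internal host carrying the placeholder pattern.
    traffic.append(Record(5.0, "10.0.0.7", "198.51.100.9", 8080, "out", b"hello EXAMPLE_BAD_STRING"))
    # Twelve inbound connections from one source to twelve ports within 1.1 seconds.
    for i in range(12):
        traffic.append(Record(10.0 + i * 0.1, "203.0.113.9", "10.0.0.2", 20 + i, "in", b""))
    for rec in traffic:
        engine.inspect(rec)
    return [(a.rule, a.record.src, a.record.direction) for a in engine.alerts]


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running the block raises exactly two alerts: the outbound signature hit from the internal host, and one port-scan anomaly for the external source once it reaches ten distinct ports. A host-based IDS would apply the same engine structure to a different sensor feed (process, file and login events on one machine) rather than to network records.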
