May 30 2018

IDS, Securing your Network from attacks

IDS stands for Intrusion Detection System. An intrusion is simply unauthorized system or network activity on one of your computers or networks. This can take the form of a legitimate user of a system trying to escalate his privileges and gain greater access to the system than he has been allowed, a remote and unauthenticated user trying to compromise a running service in order to create an account on a system, a virus running rampant through your e-mail system, or many other similar scenarios.

Detecting malicious activity when it comes from your own employees or users is one of the most important purposes for IDSs in many environments. In fact, a properly implemented IDS that is watched by someone besides your system administrators may be one of the few methods that can actually catch a system administrator who is doing something malicious. This is one of the main reasons why you should have network security personnel analysing IDS events and system administrators managing systems.

What is IDS able to do?

This is going to depend greatly on what type of IDS it is, and where it’s placed in your network. IDSs are classified by their functionality, loosely grouped into the following three categories:

  • Network-Based Intrusion Detection System (NIDS). Normally, a network card operates in nonpromiscuous mode, listening only for packets destined for its own media access control (MAC) address; a NIDS sensor puts its card into promiscuous mode so that it can monitor the traffic of the entire subnet.
  • Host-Based Intrusion Detection System (HIDS). These differ from NIDSs in two ways. First, an installed HIDS protects only the system on which it resides, not the entire subnet, and second, the network card of a system with a HIDS installed normally operates in nonpromiscuous mode. Encrypted traffic is where a HIDS especially shines.
  • Distributed Intrusion Detection System (DIDS). It is a combination of NIDS sensors, HIDS sensors, or both, distributed across your enterprise, and all reporting to a central correlation system. It is able to observe system-wide, or even Internet-wide, incidents from the 50,000-foot view.
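
To make the "central correlation system" of a DIDS concrete, here is an added example (not redBorder code) of the two checks such a collector typically runs: host evidence that corroborates a network alert, and one signature seen across many hosts. Sensor names, signature names, timestamps and the 300-second window are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int          # seconds; constructed timestamps
    sensor: str      # reporting sensor (hypothetical names)
    kind: str        # "nids" or "hids"
    host: str        # host the alert concerns
    signature: str   # hypothetical rule name


def corroborated(alerts, window=300):
    """Hosts where a HIDS alert follows a NIDS alert within `window` seconds."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    hits = []
    for host in sorted(by_host):
        nids = [a for a in by_host[host] if a.kind == "nids"]
        hids = [a for a in by_host[host] if a.kind == "hids"]
        for n in nids:
            for h in hids:
                if 0 <= h.ts - n.ts <= window:
                    hits.append((host, n.signature, h.signature))
    return hits


def widespread(alerts, min_hosts=3):
    """Signatures seen on at least `min_hosts` distinct hosts, across all sensors."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a.signature].add(a.host)
    return {sig: sorted(h) for sig, h in hosts.items() if len(h) >= min_hosts}


# Constructed sample alerts, as a central collector might receive them.
SAMPLE = [
    Alert(1000, "nids-dmz", "nids", "10.0.1.5", "ssh-bruteforce"),
    Alert(1010, "nids-dmz", "nids", "10.0.1.6", "ssh-bruteforce"),
    Alert(1030, "nids-office", "nids", "10.0.2.9", "ssh-bruteforce"),
    Alert(1120, "hids-10.0.1.5", "hids", "10.0.1.5", "new-local-account"),
    Alert(9000, "hids-10.0.2.9", "hids", "10.0.2.9", "new-local-account"),
]

if __name__ == "__main__":
    print("corroborated:", corroborated(SAMPLE))
    print("widespread:", widespread(SAMPLE))
```

Neither sensor type alone yields the first result: the NIDS sees only the login attempts, and the HIDS sees only the new account.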

 

Why are Intrusion Detection Systems important?

IDSs provide an integral audit component of a robust security design and policy. They:

- Let you know when you are being scanned and when you are being attacked.

- Provide more information than you could get just by checking your server and firewall logs.

- Show the attacks that fail and the attacks that succeed, and give you real-time notification of attempted attacks.

- Show you your own network traffic and make you aware of misconfigurations as well as malicious attacks earlier than you might have noticed without an IDS.

Of course, they are not the be-all, end-all solution to every security woe, but they are a valuable tool in the hands of a skilled security administrator. redBorder offers cloud-based Open Source IPS/IDS protection, don't miss the opportunity to take advantage of its benefits!

 
