Intrusion Detection System

Intrusion Detection

If someone asked how to get started with intrusion detection, the first thing you would need to know is whether they want to just detect threats or to detect and block them.  An IDS, or intrusion detection system, monitors whether an intrusion has happened.  This is considered a passive type of system.  An IPS, or intrusion prevention system, extends the IDS by allowing it not only to detect but also to block detected attacks (Palo Alto Networks, 2016).  These systems, although very closely related, are very different, and understanding the benefits of each is the first step toward selecting an appliance.

Knowing whether you need an appliance that sits inline or outside the direct line of communication to your network is also important.  An IDS sits out of the direct line of communication, while an IPS sits directly inline.  This matters greatly because an IPS detects based on rules, like a firewall in reverse.  Enterprise firewalls allow specific packets and deny everything else.  An IPS will see a packet, look down a list of rules to deny, and then finally allow the packet.  An IDS will look at specific points in the network.  You can compare the IDS to a protocol analyzer that returns excruciating amounts of detailed information about a network, giving the security engineer more granular visibility (Snyder, n.d.).
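The three decision models described above, side by side, as an added example that is not part of the original post: a firewall that allows listed ports and denies everything else, an inline IPS that drops on a deny-rule match and otherwise forwards, and a passive IDS that only records alerts. The allowed ports, the single signature and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed rule sets (assumptions for illustration, not real vendor rules).
FIREWALL_ALLOW_PORTS = {80, 443}             # firewall: explicit allow list
SIGNATURES = {"sig-traversal": b"../../"}    # IDS/IPS: patterns to flag

def match_signature(pkt):
    """Return the name of the first signature found in the payload, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in pkt.payload:
            return name
    return None

def firewall(pkt):
    """Default deny: forward only what a rule explicitly allows."""
    return "forward" if pkt.dst_port in FIREWALL_ALLOW_PORTS else "drop"

def ips(pkt):
    """Inline, default allow: drop on a deny-rule match, otherwise forward."""
    return "drop" if match_signature(pkt) else "forward"

def ids(pkt, alerts):
    """Out of line: inspects a copy and records an alert; delivery is unaffected."""
    sig = match_signature(pkt)
    if sig:
        alerts.append((pkt.src, sig))
    return "forward"

# Constructed sample traffic (documentation-range addresses).
SAMPLE = [
    Packet("198.51.100.7", 443, b"GET /index.html"),
    Packet("198.51.100.9", 80, b"GET /../../etc/passwd"),
    Packet("198.51.100.12", 2323, b"hello"),
]

def compare(packets):
    alerts = []
    rows = [(p.dst_port, firewall(p), ips(p), ids(p, alerts)) for p in packets]
    return rows, alerts

if __name__ == "__main__":
    print(compare(SAMPLE))
```

The second packet shows the IDS/IPS split: the firewall forwards it because port 80 is allowed, the IPS drops it, and the IDS lets it through but records an alert. The third shows the "firewall in reverse" point: the firewall drops the unlisted port, while the IPS forwards it because no deny rule matched.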

My recommendation would be to stay away from the hybrid appliances that combine the two concepts of IPS and firewall, unless you’re only trying to protect a small set of computers on a network, such as in a small branch office.  An IDS will allow you to have more visibility, while the IPS gives more control overall.

Top 3 Free IDS Software Applications

  1. SNORT

  2. SURICATA

  3. Bro

References

Palo Alto Networks. (2016). Retrieved from https://www.paloaltonetworks.com/documentation/glossary/what-is-an-intrusion-detection-system-ids

Snyder, J. (n.d.). Retrieved from http://searchsecurity.techtarget.com/Do-you-need-an-IDS-or-IPS-or-both

Vacca, J. R. (2013). Computer and information security handbook. Amsterdam: Morgan Kaufmann Publishers, an imprint of Elsevier.
