Intrusion Detection
Information Technology security is an enormous part of today’s infrastructure protection and sustainment, and can be described as any activity that protects the usability reliability, integrity and welfare of your network and information. Intrusion detection is an immensely important measure of IT security and can help in the protection of your assets. Intrusion detection can be easily described as a category of security management system for computers and networks. An intrusion detection system or (IDS), is a system that gathers and analyzes information from designated regions within an organizations computer systems or networks in order to identify possible breaches in security. Breaches include both intrusions by external threats of the organization, and misuse of access inside the association. IDS’ perform vulnerability assessments, which is a scanning system developed to evaluate computer or network security. IDS are a very important part of today’s security scene because of the growing number of attacks on both civilian and military networks around the world. IDS are not just one dimensional either; they come in many shapes and sizes to conform to specific organizational needs.
The main problem with today’s infrastructure systems is that they are all subject to electronic attacks by anyone and everyone with the means and motive to attack. There are multiple vulnerability assessment tools, and other intrusion tools, that can be found on the internet both for personal and commercial uses. The problem is that anyone can get a hold of these tools and use them in a destructive way for multiple reasons to attack a network. A few examples of tools that are used to scan and identify vulnerabilities are Nmap, SubSeven, L0ftCrack, BackTrack, BackOrifice. Some programs even have the ability to take advantage of weaknesses found and penetrate systems with attacks. While these are mainly created for ethical use, they are far too often used to reach unethical ends. Pretty much all organizations have firewalls in place to protect unauthorized access to infrastructure systems, but sometimes firewalls cannot completely keep out all intruders. This is where the IDS comes in and gives another layer of protection for an organization’s systems. With different system needs in different environments, multiple types of IDS are available. The two main types are host intrusion detection systems, and network intrusion detection systems. These two distinct setups can have different styles of detecting infractions. A few examples can be signature based, anomaly based, passive systems, and reactive systems.
Network Intrusion Detection Systems (NIDS) are described as devices positioned at tactical point(s) within a network, to monitor traffic between devices in the network. In a perfect situation, you would be able to scan and monitor all incoming and outgoing traffic in which packets are analyzed that are disguised to be overlooked by firewalls. The only downside of a setup like this is that a bottleneck effect can be created and slow down traffic, both inbound and outbound. Host intrusion detection systems (HIDS) are essentially perform in the same way with one major difference, HIDS run on individual hosts and computer systems. A HIDS will then alert security administrators when suspicious activity has occurred with the host.
Once a NID or a HID is chosen, we can look at signature and anomaly based intrusion detection systems, which will decide how the threats are monitored and found within the systems. Signature based IDS’ monitor traffic and compares them to a built in catalog of specific signatures, or traits, from known malevolent attacks. This works very similar to many anti-virus programs when detecting malware in devices. The main problem with using a signature based IDS is that there will be latency between discovering a new threat and the IDS detecting and applying new policies to