What is an Intrusion Detection System (IDS)
An intrusion detection system (IDS) is a device or software that is placed on a network to monitor network traffic for malicious activities using signatures that match known cyberattacks or policy violations. Policy violations and malicious activities are reported to an information system administrator or collected in a security information and event management (SIEM) system.
An IDS is a network security solution that monitors traffic moving through the network and information systems and alerts on any suspicious activity, known threats, or malicious activities. An intrusion detection system is vital because it notifies IT personnel when an attack or other network intrusion is taking place, allowing an immediate response to any malicious traffic.
What are the Different Types of Intrusion Detection Systems
Network intrusion detection systems (NIDS)
Network-based intrusion detection systems (NIDS) are placed throughout a network to passively inspect traffic. NIDS can be software or hardware-based. Often a NIDS has two network interfaces: one in promiscuous mode for monitoring network traffic and the other for reporting.
Host-based intrusion detection systems (HIDS)
Host-based intrusion detection systems (HIDS) monitor and analyze the internal computing systems and network packets on interfaces. A HIDS monitors the computer infrastructure where it is installed and provides continuous information via reporting on the information system.
Perimeter intrusion detection system (PIDS)
A perimeter intrusion detection system (PIDS) is a device that detects any intrusions on the physical perimeter of an organization’s property, building, or designated area.
Virtual Machine-based intrusion detection system (VIDS)
A virtual machine-based intrusion detection system (VIDS) is deployed remotely from a virtual machine to provide intrusion detection monitoring and alerts, usually for other virtual machines. The benefit is that it is isolated from the target machine.
Intrusion Detection and Prevention Systems (IDPS)
An intrusion detection and prevention system (IDPS) is software or a device that monitors network packets against a database of known cyber threats that holds signatures of cyberattacks. An IDPS detects intrusions, alerts personnel or a SIEM on intrusions, and can also prevent the packets on the network from being delivered. IDPS are usually located in the same area of the network as firewalls, which are generally between the internal network and the external internet. IDPS take a proactive instead of a reactive role and will deny access to any network traffic that matches signatures of known security threats.
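The difference between detection and prevention described above can be shown with a small signature matcher. This is an added example, not code from any IDS product; the signatures, SIDs, sample packets, and function names are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sid: int             # constructed rule id
    name: str
    pattern: re.Pattern  # matched against the raw payload bytes

# Constructed signatures for illustration, not taken from a real rule set.
SIGNATURES = [
    Signature(1001, "path traversal in HTTP request", re.compile(rb"\.\./\.\./")),
    Signature(1002, "SQL tautology in query string",
              re.compile(rb"(?i)'\s*or\s+1\s*=\s*1")),
]

def inspect(payload: bytes, prevent: bool):
    """Return (delivered, alerts) for one packet payload.

    prevent=False models an IDS: matches raise alerts, traffic still flows.
    prevent=True models an IDPS: a matching packet is also dropped.
    """
    alerts = [f"sid={s.sid} {s.name}" for s in SIGNATURES
              if s.pattern.search(payload)]
    delivered = not (prevent and alerts)
    return delivered, alerts

def run(packets, prevent, siem):
    """Inspect every packet, append alerts to the siem list,
    and return the packets that reached the internal network."""
    delivered = []
    for payload in packets:
        ok, alerts = inspect(payload, prevent)
        siem.extend(alerts)
        if ok:
            delivered.append(payload)
    return delivered

# Constructed sample traffic: one benign request, two that match signatures.
PACKETS = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /login?user=a' OR 1=1-- HTTP/1.1\r\nHost: example.test\r\n\r\n",
]

if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IDPS", True)):
        siem = []
        passed = run(PACKETS, prevent, siem)
        print(f"{mode}: delivered={len(passed)} alerts={siem}")
```

Both modes produce the same alerts; only the IDPS mode changes what is delivered. Traffic that matches no signature passes silently in either mode, which is the limit of signature-based detection.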