The network is full of people with malicious intentions who want to get hold of our information: bank details, private personal data, business information and much more. Tools exist to help us protect ourselves against them; one of them is the Intrusion Detection System (IDS), and this article looks at what it does and how it works against these threats.

An Intrusion Detection System (IDS) is a component of an organization's computer security model. Its job is to detect inappropriate, incorrect or anomalous activity, whether it originates outside or inside a device or a network infrastructure. Anomaly-based detection rests on the hypothesis that an intruder's behaviour pattern differs from that of a legitimate user, so an intrusion can be spotted by statistical analysis of usage.

An Intrusion Detection System works by analysing network traffic or the use of devices in detail. The observed activity is compared against signatures of known attacks, or against a model of what suspicious behaviour looks like. Most IDS ship with a database of known attack "signatures" that lets them distinguish normal use of a device from malicious use. The caveat is that a purely signature-based IDS cannot flag an attack for which no signature exists yet, which is why many deployments combine signature matching with behavioural detection.

In a communications network, an IDS not only looks at which kind of traffic is in use but also inspects packet contents and behaviour: it can detect a port scan or the transmission of malformed packets, among other things. An IDS is often integrated with a firewall, preferably in a device that acts as the gateway to a network. This combination is powerful because it pairs the detection intelligence of the IDS with the blocking power of the firewall at the point every packet must pass through, so malicious traffic can be blocked before it enters the network. Note that a system which blocks inline rather than only alerting is usually called an Intrusion Prevention System (IPS); in that mode a false positive drops legitimate traffic instead of merely producing a spurious alert, so rules must be tuned with more care.
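To make the two detection models above concrete, here is an added example (written for this article, not code from any real IDS product) that runs a tiny signature database and a port-scan heuristic over a constructed list of packet records. The packet records, the signature patterns, the five-port threshold and the five-second window are all assumptions chosen for illustration; a real IDS such as Snort or Suricata reassembles streams and matches far richer rules, but the logic it applies is of the same two kinds shown here.

```python
"""Toy IDS: signature matching plus a port-scan heuristic over constructed packet records."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float       # capture time in seconds
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    payload: bytes  # application-layer bytes (may be empty, e.g. a bare SYN)


@dataclass(frozen=True)
class Alert:
    kind: str       # "signature" or "port-scan"
    src: str        # offending source IP
    detail: str     # human-readable description


# Hypothetical signature database: (rule name, byte pattern that must appear in the payload).
# Real rule sets are far richer; these three are illustrative only.
SIGNATURES = [
    ("sqli-tautology", b"' OR '1'='1"),
    ("shell-path-in-payload", b"/bin/sh"),
    ("directory-traversal", b"../../"),
]


def match_signatures(pkt):
    """Signature-based detection: flag every known attack pattern found in the payload."""
    return [Alert("signature", pkt.src, f"{name} -> {pkt.dst}:{pkt.dport}")
            for name, pattern in SIGNATURES if pattern in pkt.payload]


def detect_port_scans(packets, window=5.0, threshold=5):
    """Behavioural detection: one source touching at least `threshold` distinct ports
    on a single destination within `window` seconds is reported once as a port scan."""
    seen = defaultdict(list)   # (src, dst) -> list of (ts, dport) inside the sliding window
    alerted = set()
    alerts = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        key = (pkt.src, pkt.dst)
        hist = seen[key]
        hist.append((pkt.ts, pkt.dport))
        # Drop events that have fallen out of the sliding window.
        seen[key] = hist = [(t, p) for t, p in hist if pkt.ts - t <= window]
        ports = {p for _, p in hist}
        if len(ports) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append(Alert("port-scan", pkt.src,
                                f"{len(ports)} distinct ports on {pkt.dst} within {window}s"))
    return alerts


def analyze(packets):
    """Run both detection models and return all alerts (signature alerts first)."""
    alerts = []
    for pkt in packets:
        alerts.extend(match_signatures(pkt))
    alerts.extend(detect_port_scans(packets))
    return alerts


# Constructed sample traffic (not a real capture): one normal request, one SQL-injection
# attempt, a six-port probe from 10.0.0.9, and two ordinary connections from 10.0.0.7.
SAMPLE_PACKETS = [
    Packet(1.0, "10.0.0.5", "192.168.1.10", 80, b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"),
    Packet(1.2, "10.0.0.5", "192.168.1.10", 80, b"GET /login.php?user=admin' OR '1'='1 HTTP/1.1\r\n"),
    Packet(2.0, "10.0.0.9", "192.168.1.10", 21, b""),
    Packet(2.1, "10.0.0.9", "192.168.1.10", 22, b""),
    Packet(2.2, "10.0.0.9", "192.168.1.10", 23, b""),
    Packet(2.3, "10.0.0.9", "192.168.1.10", 25, b""),
    Packet(2.4, "10.0.0.9", "192.168.1.10", 80, b""),
    Packet(2.5, "10.0.0.9", "192.168.1.10", 443, b""),
    Packet(3.0, "10.0.0.7", "192.168.1.10", 80, b"GET / HTTP/1.1\r\n"),
    Packet(3.5, "10.0.0.7", "192.168.1.10", 443, b""),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_PACKETS):
        print(f"[{alert.kind}] {alert.src}: {alert.detail}")
```

Running it reports one signature alert for 10.0.0.5 and one port-scan alert for 10.0.0.9, while the two ordinary connections from 10.0.0.7 stay below the threshold. The threshold and window are exactly the knobs a practitioner tunes per environment: too low and normal clients trip the heuristic, too high and a slow scan slips through.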

Any intrusion detection system, whatever its type and basis of operation, should have the following characteristics:

It must run continuously without human supervision. The system must be reliable enough to run in the background as part of the device or network being watched.

It must be fault tolerant: it should survive a crash of the host or network it monitors and resume detection afterwards without having to rebuild its configuration or state by hand.

It should impose minimal overhead on the system it monitors. An IDS that consumes a large share of computational resources degrades the very service it is meant to protect and should not be used.

It must adapt easily to the operating system already installed, since each one has its own pattern of normal operation and the detection logic must be tuned to that pattern, otherwise ordinary activity will be reported as intrusions.
