Intrusion Detection Systems (IDS)
An IDS is to a firewall as a dog is to a deadbolt. The lock on your door is there to keep trouble outside; your watchdog is there to tell you when trouble's prowling your living room. Intrusion detection systems act like watchdogs, inspecting inbound and outbound network activity and alerting you to patterns that indicate a successful network or system attack, whether it originated outside or inside the network. Firewalls, on the other hand, watch for and try to prevent intrusion attempts before they succeed by limiting access between networks; they do not track or block attacks from within.
In classifying intrusion detection systems, it's useful to begin with three simple questions:
Does it watch for anomalies or misuse?
In a misuse detection scenario, the IDS tracks and analyzes network activity, then compares the resulting information to large databases of attack signatures. (If this reminds you of your antivirus software, you've got the right idea.) Because it's basically comparing the packets du jour to a record of already documented attacks, this sort of IDS is only as good as its data, which can be very good indeed.
In anomaly detection, a somewhat more dynamic approach, the system administrator defines the baseline state of the network: traffic load, typical packet size, the normal mix of protocols used, and so on. The IDS then monitors network segments, seeking significant departures from that baseline.
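The two approaches can be seen side by side in a small Python example, added here and not part of the original article. It runs a misuse detector (a handful of regular-expression signatures standing in for the "large database of attack signatures") and an anomaly detector (a baseline learned from known-good traffic) over constructed connection records. All record values, signature names and the z-score threshold are made up for illustration.

```python
import re
from statistics import mean, pstdev

# Constructed sample records, one per observed connection (not from the article):
# (source address, destination port, bytes transferred, protocol, payload excerpt)
BASELINE_TRAFFIC = [
    ("10.0.0.5", 443, 1200, "tcp", "GET /index.html"),
    ("10.0.0.6", 443, 1350, "tcp", "GET /about.html"),
    ("10.0.0.7", 443, 1100, "tcp", "POST /login"),
    ("10.0.0.5", 53, 90, "udp", "A? example.internal"),
    ("10.0.0.8", 443, 1250, "tcp", "GET /images/logo.png"),
    ("10.0.0.6", 53, 85, "udp", "A? cdn.example"),
]

OBSERVED_TRAFFIC = [
    ("10.0.0.5", 443, 1180, "tcp", "GET /index.html"),
    ("198.51.100.9", 443, 1300, "tcp", "GET /search?q=1 UNION SELECT 1,2"),
    ("198.51.100.9", 443, 1400, "tcp", "GET /../../etc/passwd"),
    ("10.0.0.7", 445, 950000, "tcp", "SMB write"),  # huge transfer on a port never seen before
    ("10.0.0.6", 53, 88, "udp", "A? example.internal"),
]

# Misuse detection: a tiny stand-in for a signature database (hypothetical rule names).
SIGNATURES = {
    "sql-injection": re.compile(r"(?i)\bunion\s+select\b"),
    "path-traversal": re.compile(r"\.\./\.\./"),
}


def misuse_detect(flows):
    """Return (record index, signature name) for every payload matching a known signature."""
    hits = []
    for i, (_, _, _, _, payload) in enumerate(flows):
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                hits.append((i, name))
    return hits


# Anomaly detection: learn what "normal" looks like from the baseline traffic.
def build_baseline(flows):
    """Summarize typical packet size and the ports/protocols normally in use."""
    sizes = [f[2] for f in flows]
    return {
        "mean_bytes": mean(sizes),
        "stdev_bytes": pstdev(sizes),
        "ports": {f[1] for f in flows},
        "protocols": {f[3] for f in flows},
    }


def anomaly_detect(flows, baseline, z_threshold=3.0):
    """Return (record index, reason) for flows that depart significantly from the baseline."""
    findings = []
    for i, (_, port, nbytes, proto, _) in enumerate(flows):
        if port not in baseline["ports"]:
            findings.append((i, f"unseen port {port}"))
        if proto not in baseline["protocols"]:
            findings.append((i, f"unseen protocol {proto}"))
        if baseline["stdev_bytes"] > 0:
            z = (nbytes - baseline["mean_bytes"]) / baseline["stdev_bytes"]
            if abs(z) > z_threshold:
                findings.append((i, f"size z-score {z:.1f}"))
    return findings


if __name__ == "__main__":
    print("misuse:", misuse_detect(OBSERVED_TRAFFIC))
    print("anomaly:", anomaly_detect(OBSERVED_TRAFFIC, build_baseline(BASELINE_TRAFFIC)))
```

Note that each detector misses what the other catches: the signature matcher flags the two crafted requests but says nothing about the 950,000-byte transfer on port 445, while the baseline detector flags that transfer and is blind to the request payloads. The baseline here lumps DNS and HTTPS sizes into one distribution, which inflates the standard deviation; a real deployment would keep a baseline per protocol or per service so that smaller deviations remain visible.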
Is it network-based or host-based?
A network-based intrusion detection system (or NIDS) analyzes the individual packets flowing through the network, sniffing out malicious packets that have been crafted to slip through a firewall's less rigorous filtering rules. A host-based system, on the other hand, tracks activity on each individual computer (host).
Is it passive or reactive?
In a passive system, the IDS detects a potential security breach, logs the information, and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
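As an added illustration of the passive/reactive distinction (not code from the article), the following Python sketch feeds the same alerts to a passive handler, which only logs and signals, and to a reactive one, which additionally adds the offending source to a simulated firewall block list. The `FirewallState` object, the severity scale, the allowlist and the threshold are all constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Alert:
    source: str      # address the suspicious activity came from
    signature: str   # which rule or anomaly fired
    severity: int    # 1 (low) .. 5 (high); scale is made up for this example


@dataclass
class FirewallState:
    """Stand-in for the perimeter firewall's block list (constructed, not a real API)."""
    blocked: set = field(default_factory=set)


class PassiveIDS:
    """Detects, logs and signals; never changes the network itself."""

    def __init__(self):
        self.log = []

    def handle(self, alert):
        self.log.append(alert)
        return "alert"


class ReactiveIDS(PassiveIDS):
    """Logs like the passive system, then reprograms the firewall for serious alerts."""

    def __init__(self, firewall, allowlist=(), block_threshold=4):
        super().__init__()
        self.firewall = firewall
        self.allowlist = set(allowlist)
        self.block_threshold = block_threshold

    def handle(self, alert):
        super().handle(alert)
        # Never auto-block infrastructure you depend on: an attacker who can make
        # traffic appear to come from your DNS server would otherwise use the IDS
        # itself to cut you off from it.
        if alert.source in self.allowlist:
            return "alert"
        if alert.severity >= self.block_threshold:
            self.firewall.blocked.add(alert.source)
            return "blocked"
        return "alert"


def run(ids, alerts):
    """Return the action taken for each alert, in order."""
    return [ids.handle(a) for a in alerts]


# Constructed alert stream for the demonstration.
SAMPLE_ALERTS = [
    Alert("198.51.100.9", "sql-injection", 5),
    Alert("10.0.0.1", "port-scan", 2),
    Alert("10.0.0.53", "sql-injection", 5),  # appears to come from the internal DNS server
]

if __name__ == "__main__":
    fw = FirewallState()
    print("passive:", run(PassiveIDS(), SAMPLE_ALERTS))
    print("reactive:", run(ReactiveIDS(fw, allowlist={"10.0.0.53"}), SAMPLE_ALERTS))
    print("now blocked:", fw.blocked)
```

The allowlist and severity threshold are the two safeguards a reactive deployment usually needs: without them, a low-confidence rule or a spoofed source address lets an attacker turn the IDS into a tool for blocking legitimate traffic.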