Protect your Business from Cyber risks and Data Breach
Systems without an Intrusion Detection System (IDS) are far more exposed to intrusions.
So, What is an IDS?
An IDS is used to detect malicious activity against a host or network. Its purpose is to monitor the system and flag any possible intrusion.
The different types of intrusion detection systems are:
- Network Intrusion Detection System (NIDS): monitors incoming network traffic.
- Host Intrusion Detection System (HIDS): analyses important operating-system files on the host.
- Protocol-Based IDS (PIDS)
- Application Protocol-Based IDS (APIDS)
- Hybrid IDS
With an IDS in place you receive an alert whenever an intrusion is detected.
Intrusion detection methods
There are two main methods an IDS uses to detect an attack or intrusion.
Signature-Based Intrusion Detection Method
A signature-based IDS detects possible intrusions by looking for specific signatures or patterns, such as known intrusion event sequences or byte sequences in network traffic. A signature-based IDS cannot detect new attacks for which no pattern is available yet.
Anomaly-Based Intrusion Detection Method
An anomaly-based IDS is used to detect intrusions that are often harder for a signature-based IDS to catch. It uses machine learning methods to compare new or abnormal behaviour against a trusted model of normal activity and raises an alert on deviations.
Cons: an anomaly-based IDS sometimes suffers from false positives, i.e. it may flag previously unseen but legitimate activity as malicious.
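Both methods side by side, as an added example rather than code from the article: a Python sketch that runs a small signature set and a simple baseline model (a set of known-good request paths standing in for the machine-learning model mentioned above) over constructed log lines, so that the signature detector's blind spot on a new attack and the anomaly detector's false positive on a legitimate new page both show up. The log format, signatures and addresses are all assumptions.

```python
import re

# Constructed web-access log lines (not taken from the article): "src method url status".
LOG_RE = re.compile(r"^(?P<src>\S+) (?P<method>\S+) (?P<url>.+) (?P<status>\d{3})$")

TRAINING_LOGS = [  # clean traffic used to build the anomaly baseline (constructed)
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.7 GET /index.html 200",
]
LIVE_LOGS = [  # traffic to inspect (constructed)
    "10.0.0.7 GET /about.html 200",
    "10.0.0.9 GET /login.php?user=admin' OR '1'='1 500",
    "10.0.0.9 GET /cgi-bin/../../etc/passwd 404",
    "10.0.0.11 GET /reports/new-page.html 200",  # legitimate, but never seen in training
    "10.0.0.13 GET /unknown/probe 404",          # hypothetical new attack with no signature
]

# Signature-based detection: fixed patterns for known attack byte sequences.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def request_path(line):
    """Extract the URL path (query string stripped) from one log line."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unparseable log line: {line!r}")
    return m.group("url").split("?", 1)[0]

def signature_detect(lines):
    """Return [(line, signature)] for lines matching a known pattern; unknown attacks are missed."""
    return [(line, name) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]

def build_baseline(training_lines):
    """Trusted model: the set of request paths observed during a clean training period."""
    return {request_path(line) for line in training_lines}

def anomaly_detect(lines, baseline):
    """Flag every request whose path deviates from the baseline (legitimate new pages included)."""
    return [line for line in lines if request_path(line) not in baseline]

def compare():
    """Split the live log into what only signatures catch, what only the baseline catches, and both."""
    sig = {line for line, _ in signature_detect(LIVE_LOGS)}
    anom = set(anomaly_detect(LIVE_LOGS, build_baseline(TRAINING_LOGS)))
    return {"signature_only": sorted(sig - anom),
            "anomaly_only": sorted(anom - sig),  # the new attack, plus the false positive
            "both": sorted(sig & anom)}

if __name__ == "__main__":
    for bucket, lines in compare().items():
        print(bucket, lines)
```

In the output, the anomaly-only bucket holds both the unsignatured probe (a true positive the signature engine missed) and the new legitimate page (a false positive), which is exactly the trade-off described above.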
Advantages of an Intrusion Detection system
The pros of an IDS are:
- Detects intrusions in the system
- Adds an additional layer of protection
- Provides the ability to quantify attacks
- Boosts the efficiency of an organisation by saving time and cost
Challenges of IDS
The cons of intrusion detection systems are:
- In many cases an IDS generates false positives and false negatives.
- It requires an experienced and highly skilled engineer to administer.
- It cannot inspect the contents of encrypted packets.
- The signature library needs to be updated frequently.
Some of the most widely used open-source tools for monitoring your system:
Snort
Snort is a network-based IDS (NIDS) deployed to monitor network traffic. It compares the traffic it sees against a set of signatures and patterns, looking for intrusions.
OSSEC
Open-source Security Event Correlator (OSSEC) is an open-source host-based intrusion detection system (HIDS). Thousands of organizations rely on OSSEC for log-based intrusion detection, file integrity monitoring, and active response.
Tripwire
This HIDS can be installed directly from the EPEL repository. It monitors files on the host and raises an alert when changes are made that were not intended.
There are many more open-source tools for monitoring your system for intrusions, e.g. Suricata, Zeek (formerly Bro), and fail2ban.