Intrusion Detection Systems
Explain
An Intrusion Detection System (IDS) is a piece of security software designed to alert administrators when suspicious patterns are found. It finds these patterns by inspecting inbound and outbound network traffic and activity. A match may indicate that someone is trying to compromise the system. The IDS looks for the specific patterns that the administrators have configured.

There are many different types of IDS. In anomaly detection, the administrators define what the network should normally look like, including details about the network's traffic load, packet sizes, breakdown and protocols. To look for anomalies, the system compares the current state of the network against this original baseline. In misuse detection, the system uses a database of attack signatures and compares the packets it sees on a particular day against it. It looks on the network for attacks that have been documented in the database, to see whether any are currently ongoing, and it analyses the information that it collects.

Network-based systems analyse the individual packets being transferred through the network, and each packet is either detected or not detected. Such a system is designed to find and inspect packets that have been created to slip through the firewall's filtering system. Host-based systems inspect and examine individual hosts and the activities they are carrying out.

A Passive System is an Intrusion Detection System which detects a possible security violation, logs the information that comes with the breach and alerts the administrator straight away.
A Reactive System is an Intrusion Detection System which responds to the security breach, instead of alerting, either by logging off the user who is causing the breach or by reprogramming or reconfiguring the firewall filter to block the traffic coming from this source. An Intrusion Detection System will use routing protocols to locate and identify the source of anomalies and any breach which may occur. IDSs are sometimes confused with firewalls; they are different but do essentially the same job. They are stronger than firewalls when protecting the system and data because they are able to respond to the threat instead of just limiting access. They can isolate the threat, send a signal out to the administrators and do what they can to stop the threat until an administrator can stop it.
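The two detection methods and the passive and reactive modes described above can be shown together in a short Python sketch. This is an added example, not part of the original page; the signature pattern, addresses, payloads and the 3-standard-deviation size limit are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed signature database for misuse detection (placeholder pattern, not a real attack).
SIGNATURES = {"demo-signature": b"KNOWN-BAD-PATTERN"}

def build_baseline(normal_packets):
    """Anomaly detection: record normal packet sizes and the protocols in use."""
    sizes = [len(p["payload"]) for p in normal_packets]
    return {"mean": mean(sizes), "std": pstdev(sizes) or 1.0,
            "protocols": {p["proto"] for p in normal_packets}}

def inspect(packet, baseline, z_limit=3.0):
    """Return the findings for one packet from both detection methods."""
    findings = [f"signature:{name}" for name, pattern in SIGNATURES.items()
                if pattern in packet["payload"]]
    z = abs(len(packet["payload"]) - baseline["mean"]) / baseline["std"]
    if z > z_limit:  # assumed limit: more than 3 standard deviations from normal
        findings.append("anomaly:packet-size")
    if packet["proto"] not in baseline["protocols"]:
        findings.append("anomaly:protocol")
    return findings

def run_ids(packets, baseline, reactive=False):
    """Passive mode only logs alerts; reactive mode also blocks the source."""
    alerts, blocked = [], set()
    for packet in packets:
        if packet["src"] in blocked:
            continue  # traffic from a blocked source is dropped before inspection
        findings = inspect(packet, baseline)
        if findings:
            alerts.append((packet["src"], findings))
            if reactive:
                blocked.add(packet["src"])
    return alerts, blocked

# Constructed sample traffic (private and documentation addresses, made-up payloads).
NORMAL = [{"src": f"10.0.0.{i}", "proto": "tcp" if i % 2 else "udp",
           "payload": b"x" * (40 + i)} for i in range(1, 11)]
TRAFFIC = [
    {"src": "10.0.0.5", "proto": "tcp", "payload": b"x" * 45},
    {"src": "192.0.2.7", "proto": "tcp", "payload": b"KNOWN-BAD-PATTERN".ljust(45, b".")},
    {"src": "192.0.2.8", "proto": "tcp", "payload": b"x" * 1400},
    {"src": "192.0.2.9", "proto": "icmp", "payload": b"x" * 45},
    {"src": "192.0.2.7", "proto": "tcp", "payload": b"KNOWN-BAD-PATTERN".ljust(45, b".")},
]

if __name__ == "__main__":
    baseline = build_baseline(NORMAL)
    for mode in (False, True):
        print("reactive" if mode else "passive", run_ids(TRAFFIC, baseline, reactive=mode))
```

In passive mode the repeated packet from 192.0.2.7 raises a second alert, while in reactive mode the source is already blocked and the packet never reaches inspection.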
Example
If Vodafone were to be attacked by a virus or a hacker on their network, an Intrusion Detection System would let them isolate the security threat and alert an administrator. This would allow the threat to be neutralised as soon as possible and stop the attack from continuing. This can also work if employees were sending details such as financial data, customer data or security data to rival companies, which would be sabotage. The IDS would detect that this type of data isn't supposed to be sent around and would log off the user. This is because of the firewall filtration system used in an IDS. This would protect the organisation and keep the system and data secure from outsiders.
