PC Security: What are Intrusion Detection Systems?
by Ainuddin Mohamad
Intrusion Detection Systems (IDS) are a necessary part of any strategy for enterprise security. What are Intrusion Detection Systems? CERIAS, the Center for Education and Research in Information Assurance and Security, defines them this way:
"The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts." (http://www.cerias.purdue.edu/about/history/coast_resources/intrusion_detection/)
There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitor packets on the network wire and look for suspicious activity. A network intrusion detection system can monitor many computers at a time over a network, while a host-based intrusion detection system monitors only the one machine it runs on.
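The two detection schemes in the CERIAS definition, misuse (signature) detection and anomaly detection, side by side over a constructed sample of web-server requests. This is an added illustration, not code from the article or from any IDS it names; the request records, the baseline counts, the two signature rules and the threshold constant k are all assumptions made up for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample data (not real traffic). Each record is (source address, request path).
# Per-source request counts from ten sources seen during a quiet hour serve as the
# "normal system use" baseline for the anomaly detector.
BASELINE_COUNTS = [3, 2, 4, 3, 2, 5, 3, 4, 2, 3]

MONITORED_REQUESTS = (
    [("10.0.0.5", "/index.html"), ("10.0.0.5", "/about.html")]
    + [("10.0.0.7", f"/news/{i}.html") for i in range(4)]
    + [("10.0.0.9", "/cgi-bin/../../etc/passwd")]          # matches a known-attack signature
    + [("10.0.0.12", f"/page{i}.html") for i in range(40)]  # far busier than any baseline source
)

# Misuse detection: each rule is a signature describing a known attack scenario.
MISUSE_RULES = {
    "directory-traversal": re.compile(r"\.\./"),
    "null-byte-in-path": re.compile(r"%00"),
}

def misuse_detect(requests):
    """Return (source, rule name) for every request that matches a known-attack signature.
    Only what a rule describes is caught; a novel attack with no signature passes silently."""
    hits = []
    for src, path in requests:
        for name, pattern in MISUSE_RULES.items():
            if pattern.search(path):
                hits.append((src, name))
    return hits

def anomaly_threshold(baseline_counts, k=3.0):
    """Per-source request count above which behaviour counts as deviating from normal use:
    mean of the baseline plus k standard deviations."""
    return statistics.mean(baseline_counts) + k * statistics.pstdev(baseline_counts)

def anomaly_detect(requests, baseline_counts=BASELINE_COUNTS, k=3.0):
    """Return sources whose request volume deviates from the learned norm.
    This flags unusual behaviour, not proven misuse: a busy but legitimate client is a false positive."""
    limit = anomaly_threshold(baseline_counts, k)
    counts = Counter(src for src, _ in requests)
    return sorted(src for src, n in counts.items() if n > limit)
```

With this data the misuse detector reports only the traversal request from 10.0.0.9, and the anomaly detector reports only 10.0.0.12, whose 40 requests sit far above a threshold of about 5.9; the two schemes catch different things, which is why deployments usually combine them.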
Who is breaking into your system?
One common misconception about hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate networks, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.
How do intruders break into your system?
The simplest and easiest way to break in is to obtain physical access to a system. Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone already has an account on a system, even at a low permission level, another way to break in is to use tricks of the trade to gain higher-level privileges through holes in your system. Finally, there are many ways to gain access to systems remotely, and remote intrusion techniques have become harder and more complex to fight.
How does one stop intrusions?
There are several freeware and shareware intrusion detection systems as well as commercial intrusion detection systems.
Open Source Intrusion Detection Systems
Below are a few of the open source intrusion detection systems:
AIDE (http://sourceforge.net/projects/aide) - Self-described as "AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire."
File System Saint (http://sourceforge.net/projects/fss) - Self-described as "File System Saint is a lightweight host-based intrusion detection system with primary focus on speed and ease of use."
Snort (www.snort.org) - Self-described as "Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry."
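AIDE, Tripwire and File System Saint are host-based systems that work by recording a baseline of file attributes and later reporting anything that differs. The following is an added example of that technique written for this article; it is not code from any of those projects, and the directory tree, file contents and "tampering" it performs are constructed inside a temporary directory so the script runs offline.

```python
import hashlib
import tempfile
from pathlib import Path

def file_record(path: Path) -> dict:
    """The attributes an AIDE/Tripwire-style checker stores for each file."""
    st = path.stat()
    return {
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        "size": st.st_size,
        "mode": st.st_mode & 0o777,
    }

def build_baseline(root: Path) -> dict:
    """Walk root and record every regular file, keyed by its path relative to root."""
    return {
        p.relative_to(root).as_posix(): file_record(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }

def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed, or changed since the baseline was taken."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "login").write_bytes(b"\x7fELF original binary")
        baseline = build_baseline(root)

        # Simulated tampering. The replaced binary keeps exactly the same size,
        # so only the hash reveals it; a size-and-timestamp check alone would miss it.
        (root / "bin" / "login").write_bytes(b"\x7fELF trojaned binary")
        (root / "etc" / "rc.local").write_text("# constructed: unexpected new startup script\n")
        (root / "etc" / "hosts").unlink()
        return compare(baseline, build_baseline(root))
```

A real deployment keeps the baseline database and the checker itself on read-only or off-host storage, since an intruder who can rewrite the baseline can make their changes look normal.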
Commercial Intrusion Detection Systems
If you are looking for commercial intrusion detection systems, here are a few of these as well:
Tripwire - http://www.tripwire.com
Touch Technology Inc (POLYCENTER Security Intrusion Detector) - http://www.ttinet.com
Internet Security Systems (Real Secure Server Sensor) - http://www.iss.net
eEye Digital Security (SecureIIS Web Server Protection) - http://www.eeye.com
About the Author
Ainuddin Mohamad is the Webmaster of http://www.BestWebsites.com.my, which is a Directory of Best Websites. Since July 2000 BestWebsites.com.my has featured thousands of best websites in many categories of interest with descriptions/reviews given by leading publications and webmasters.