Intrusion detection guide


With the growing use of the internet, the threats attached to it are also growing. As more and more people become dependent on the internet, hackers are inventing new ways to intrude into their systems and cause havoc. By intruding or by gaining unauthorized access to their computers, hackers can access confidential information or can simply destroy the system and derive sadistic pleasure out of it. Thus, Intrusion Detection Systems (IDS) have become the need of the hour.

The large number of computers accessing the internet, and the valuable information they contain, have made it essential to ensure network security before establishing any kind of network. Hackers can adopt different methods to breach network security. The most common is gaining unauthorized access to information that is primarily private and confidential. This is very dangerous for a network, as the information can be misused or modified by the hacker; such modification is also known as data diddling. Modifying data in this way can render all the data stored on the computers connected to a network useless, and can result in total chaos and disorder for any organization or individual. Some hackers may even delete the data entirely, or release a virus into the network that corrupts all the files on the computers, including those of the operating system, which can render a computer totally useless. Other forms of network security threat are remote login capability, SMTP hijacking, DNS, macros and OS bugs.

Because of these multiplying threats, Intrusion Detection Systems are gaining popularity and have become an integral part of the overall business strategy of an enterprise. The main purpose of an Intrusion Detection System is to identify any activity that is hostile to a network, whether passive or active, internal or external, and then to alert the concerned system administrator and block the activity as it happens. Thus, it detects any unauthorized access to or misuse of a computer system and acts like a burglar alarm for a computer. Many different Intrusion Detection Systems have been developed over time; however, their detection schemes generally fall into one of two categories: anomaly detection or misuse detection. Anomaly detectors pick out behavior that deviates from normal system use. Misuse detectors, on the other hand, look for behavior that matches a known attack scenario. Another sub-category of Intrusion Detection Systems is Network Intrusion Detection Systems (NIDS). These systems monitor network packets and look out for suspicious activity. Network Intrusion Detection Systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.
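
The two detection schemes described above, shown side by side as an added example (not code from the original article). The signatures, user names, baseline figures and events are all constructed for illustration, and the three-standard-deviation threshold is an assumption.

```python
import re
from statistics import mean, pstdev

# Misuse detection: patterns of known attack scenarios (illustrative signatures).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I),
}

# Anomaly detection: per-user history of normal use (constructed, MB sent per day).
BASELINE = {
    "alice": [40, 55, 48, 52, 45, 50, 47],
    "bob": [300, 280, 310, 295, 305, 290, 315],
}

# Constructed events for one day: (user, request, MB sent). Not real logs.
EVENTS = [
    ("alice", "GET /reports/q3.pdf", 51),
    ("bob", "GET /download?file=../../etc/passwd", 298),
    ("alice", "GET /export/customers.csv", 900),
    ("bob", "GET /backup/nightly.tar", 312),
]

def misuse_alerts(request):
    """Return the names of the signatures the request matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def is_anomalous(user, mb_sent, threshold=3.0):
    """Flag a value more than `threshold` standard deviations from the user's baseline."""
    history = BASELINE.get(user)
    if not history:
        return True  # no profile of normal use: treat as a deviation
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return mb_sent != mu
    return abs(mb_sent - mu) / sigma > threshold

def analyze(events):
    """Run both detectors; return (user, request, signature hits, anomalous)."""
    return [(u, r, misuse_alerts(r), is_anomalous(u, mb)) for u, r, mb in events]

if __name__ == "__main__":
    for user, request, hits, anomalous in analyze(EVENTS):
        print(f"{user:6} {request:40} misuse={hits} anomaly={anomalous}")
```

The second event matches a signature but looks normal in volume, while the third matches no signature and is caught only because it deviates from that user's baseline, which is why the two schemes are usually run together.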

Usually it is assumed that people outside a network try to break into it and gain access to private and confidential information. However, the truth may be different for big corporate houses. There, insiders pose a greater threat to the information and the overall security of the network, because they have an insider’s knowledge of the workings of the company.

Hence, though network security threats multiply with the size of the network, we can still secure our networks by acting judiciously and by having the necessary Intrusion Detection Systems on them.
