Intrusion Detection Systems
Valuable property needs
to be protected from the prospect of theft and destruction.
Modern homes are equipped with alarm systems that can deter
burglars, notify authorities when a break-in has occurred,
and even warn owners when their home is on fire. Such measures
are necessary to assure the integrity of homes and the safety
of homeowners.
The same assurance of
integrity and safety should also be applied to computer systems
and data. The Internet has facilitated the flow of information,
from the personal to the financial. At the same time, it
has fostered just as many dangers. Malicious users and crackers
seek vulnerable targets such as unpatched systems, systems
infected with trojans, and networks running insecure services.
Alarms are needed to notify administrators and security team
members that a breach has taken place so that they can respond
in real time to the threat. Intrusion detection systems have
been designed as such a warning system.
An intrusion detection
system (IDS) is an active process or device that analyzes
system and network activity for unauthorized entry and/or
malicious activity. The way that the IDS detects anomalies
can vary widely; however, the aims are the same — catch
perpetrators in the act before they do real damage to your
resources.
IDSes protect a system from attack, misuse, and compromise.
They can also monitor network activity, audit network and
system configuration for vulnerabilities, analyze data
integrity, and more. Depending on the detection methods you
choose to deploy, there are several direct and incidental
benefits to using an IDS.
Some IDSes are knowledge-based: they use a database of common
attacks to preemptively alert security administrators before
an intrusion occurs. Alternatively, there are behavioral IDSes
that track all resource usage for anomalies, which are usually
a positive sign of malicious activity. Some IDSes are
standalone services that work in
the background and passively listen for activity, logging
any suspicious packets from the outside. Others mix standard
system tools, modified configurations, and verbose logging
with administrator intuition and experience to create a powerful
intrusion detection kit.
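
The two detection styles described above, as an added example that is not part of the original page: a knowledge-based check against a small signature database, and a behavioral check against a baseline of normal activity. The signature names and patterns, the log lines, the failed-login counts and the threshold k are all constructed for illustration.

```python
import re
import statistics

# Constructed signature database (knowledge-based detection): name -> pattern.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-keyword-in-query": re.compile(r"(?i)union\s+select"),
}

def signature_alerts(lines):
    """Return (line_number, signature_name) for every known pattern seen."""
    return [(n, name)
            for n, line in enumerate(lines, 1)
            for name, pat in SIGNATURES.items() if pat.search(line)]

def anomaly_alerts(baseline, observed, k=3.0):
    """Behavioral detection: flag intervals whose count exceeds the
    baseline mean by more than k standard deviations."""
    mean = statistics.mean(baseline)
    limit = mean + k * statistics.pstdev(baseline)
    return [(i, count) for i, count in enumerate(observed) if count > limit]

# Constructed sample input, not real traffic.
REQUESTS = [
    "GET /index.html",
    "GET /download?file=../../etc/passwd",
    "GET /search?q=shoes",
    "GET /item?id=1 UNION SELECT name FROM users",
    "POST /login user=alice",
]
# Failed logins per 5-minute interval: a quiet period as baseline, then today.
BASELINE_FAILED_LOGINS = [2, 3, 1, 4, 2, 3, 2, 1, 3, 2]
TODAY_FAILED_LOGINS = [2, 3, 41, 2]

if __name__ == "__main__":
    for n, name in signature_alerts(REQUESTS):
        print(f"signature alert: line {n} matched {name}")
    for i, count in anomaly_alerts(BASELINE_FAILED_LOGINS, TODAY_FAILED_LOGINS):
        print(f"anomaly alert: interval {i} had {count} failed logins")
    # A burst of ordinary-looking login attempts matches no signature;
    # only the behavioral check notices it.
    print(signature_alerts(["POST /login user=alice"] * 41))
```

The signature check only catches what is already in its database, while the baseline check catches the login burst without knowing what kind of attack it is.
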
Cisco IDS 4250
Cisco 4235 sensor
10/100/1000BT w/RJ45
Software with SSH