Perimeter security
Intrusion Detection Systems

Safeguarding security is becoming increasingly difficult, because attack technologies are becoming ever more sophisticated; at the same time, less technical ability is required of the novice attacker, because proven past methods are easily accessed through the Web. Intrusion detection systems (IDS) are being developed in response to the increasing number of attacks on major sites and networks.

Intrusion detection systems monitor network traffic, work with signature databases and, by using heuristic analysis, reveal suspicious patterns in seemingly unrelated connection attempts (e.g. address range scanning, port range scanning, signatures of known attacks encapsulated within allowed connections, etc.). The aim of an IDS is to detect unusual activities that can lead to a security violation in an operating system or a computer network, and also to make a countermeasure against them possible.
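The two analysis methods named above, signature matching on the payload of allowed connections and heuristic correlation of individually harmless connection attempts into a port range scan or an address range scan, are shown together in the following added example. The code is not from the original text; the log lines, the signature names and patterns, and the thresholds are constructed for the illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed connection-attempt log (not captured traffic): one record per line,
# "timestamp src_ip dst_ip dst_port payload", where payload is the first bytes
# seen on an accepted connection, or "-" if the attempt carried none.
SAMPLE_LOG = """\
100 10.0.0.5 192.168.1.10 22 SSH-2.0-OpenSSH
101 10.0.0.5 192.168.1.10 23 -
102 10.0.0.5 192.168.1.10 25 -
103 10.0.0.5 192.168.1.10 80 -
104 10.0.0.5 192.168.1.10 443 -
105 10.0.0.5 192.168.1.10 3306 -
106 10.0.0.7 192.168.1.1 445 -
107 10.0.0.7 192.168.1.2 445 -
108 10.0.0.7 192.168.1.3 445 -
109 10.0.0.7 192.168.1.4 445 -
110 10.0.0.7 192.168.1.5 445 -
111 10.0.0.9 192.168.1.10 80 GET /index.html HTTP/1.1
112 10.0.0.9 192.168.1.10 80 GET /cgi-bin/view?f=../../etc/passwd HTTP/1.1
"""

# Illustrative signature database (hypothetical rule name and pattern, not a
# real IDS ruleset): each entry describes a known attack pattern in a payload.
SIGNATURES = {
    "dir-traversal": re.compile(r"(\.\./){2,}"),
}


@dataclass(frozen=True)
class Conn:
    ts: int
    src: str
    dst: str
    dport: int
    payload: str


def parse_log(text):
    """Parse the constructed log format into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, payload = line.split(maxsplit=4)
        conns.append(Conn(int(ts), src, dst, int(dport),
                          "" if payload == "-" else payload))
    return conns


def signature_alerts(conns):
    """Misuse detection: match payloads of allowed connections against known signatures."""
    return [(c.ts, name, c.src, c.dst, c.dport)
            for c in conns
            for name, pat in SIGNATURES.items()
            if pat.search(c.payload)]


def _distinct_in_window(events, threshold, window):
    """True if some window of `window` seconds holds >= threshold distinct keys.
    events is a list of (timestamp, key) pairs."""
    events = sorted(events)
    for i, (t0, _) in enumerate(events):
        keys = {k for t, k in events[i:] if t - t0 <= window}
        if len(keys) >= threshold:
            return True
    return False


def scan_alerts(conns, threshold=5, window=10):
    """Heuristic correlation: attempts that look harmless one by one become
    suspicious when one source touches many ports on one host (port range
    scan) or the same port on many hosts (address range scan) in a short window."""
    by_pair = defaultdict(list)      # (src, dst)   -> [(ts, dport)]
    by_src_port = defaultdict(list)  # (src, dport) -> [(ts, dst)]
    for c in conns:
        by_pair[(c.src, c.dst)].append((c.ts, c.dport))
        by_src_port[(c.src, c.dport)].append((c.ts, c.dst))
    alerts = []
    for (src, dst), events in by_pair.items():
        if _distinct_in_window(events, threshold, window):
            alerts.append(("port-scan", src, dst))
    for (src, dport), events in by_src_port.items():
        if _distinct_in_window(events, threshold, window):
            alerts.append(("address-sweep", src, dport))
    return alerts


if __name__ == "__main__":
    conns = parse_log(SAMPLE_LOG)
    for alert in signature_alerts(conns) + scan_alerts(conns):
        print(alert)
```

On the constructed log the signature check fires once, on the traversal payload inside an otherwise permitted HTTP connection, while the heuristic layer raises one port-scan alert for 10.0.0.5 and one address-sweep alert for 10.0.0.7; no single record in either sequence would have triggered anything on its own. The threshold and window are the tuning knobs a deployment has to balance against false positives.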

An IDS uses vulnerability assessment (sometimes referred to as scanning), a technology developed to assess the security of a computer system or network.

Intrusion detection functions include:

An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

There are several ways to categorize an IDS:

Misuse detection vs. Anomaly detection

Network-based vs. Host-based systems

Passive system vs. Reactive system
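An added example (not part of the original page) contrasting the categories above: instead of matching known-attack signatures (misuse detection), the detector below learns a per-host baseline and flags large deviations from it (anomaly detection), and its `mode` switch separates a passive system, which only raises alerts, from a reactive one, which also records a block action for the offending host. The host names, counts, z-score threshold and the `AnomalyIDS` class are constructed assumptions; the per-host counts could equally come from a network-based sensor or a host-based agent.

```python
import statistics
from collections import defaultdict

# Constructed per-minute records (not real telemetry): (minute, host, outbound
# connection count).  Such counts can be produced by a network sensor (NIDS)
# or by an agent on the host itself (HIDS); the detector does not care which.
TRAINING = [
    (1, "ws-01", 4), (2, "ws-01", 6), (3, "ws-01", 5), (4, "ws-01", 5), (5, "ws-01", 4),
    (1, "backup-01", 200), (2, "backup-01", 210), (3, "backup-01", 190),
    (4, "backup-01", 205), (5, "backup-01", 195),
]
MONITORED = [
    (6, "ws-01", 5), (7, "ws-01", 120),            # workstation suddenly fans out
    (6, "backup-01", 208), (7, "backup-01", 198),  # busy, but normal for this host
    (8, "guest-77", 3),                            # host never seen in training
]


class AnomalyIDS:
    """Anomaly detection: learn a per-host baseline, flag large deviations.

    mode="passive":  report alerts only.
    mode="reactive": additionally record a block action for the offending host
                     (the hook a real deployment would wire to a firewall).
    """

    def __init__(self, mode="passive", zmax=3.0):
        assert mode in ("passive", "reactive")
        self.mode = mode
        self.zmax = zmax
        self.baseline = {}   # host -> (mean, population stddev)
        self.blocked = set()

    def train(self, records):
        per_host = defaultdict(list)
        for _, host, n in records:
            per_host[host].append(n)
        for host, samples in per_host.items():
            mean = statistics.mean(samples)
            sd = statistics.pstdev(samples) or 1.0  # flat baseline: avoid division by zero
            self.baseline[host] = (mean, sd)

    def zscore(self, host, n):
        mean, sd = self.baseline[host]
        return (n - mean) / sd

    def observe(self, record):
        """Return None for normal traffic, else (action, minute, host, reason)."""
        minute, host, n = record
        if host not in self.baseline:
            # No baseline means no judgement: surface it rather than guess.
            return ("alert", minute, host, "no baseline")
        z = self.zscore(host, n)
        if z <= self.zmax:
            return None
        if self.mode == "reactive":
            self.blocked.add(host)
            return ("block", minute, host, f"z={z:.1f}")
        return ("alert", minute, host, f"z={z:.1f}")

    def run(self, records):
        return [f for f in map(self.observe, records) if f is not None]


if __name__ == "__main__":
    ids = AnomalyIDS(mode="reactive")
    ids.train(TRAINING)
    for finding in ids.run(MONITORED):
        print(finding)
    print("blocked:", sorted(ids.blocked))
```

Two properties of anomaly detection show up in this data: the backup host's 200-connection minutes are never flagged because its own baseline is high, which is why baselines are kept per host rather than globally, and the unknown host is reported explicitly rather than silently scored against nothing. A misuse detector would catch neither the fan-out nor the unknown host unless a signature for that behaviour already existed; conversely the anomaly detector would stay silent on an attack whose volume fits inside normal variation.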

Figure 17 shows a diagram of a network including a firewall and an IPS.

Fig. 17 – Diagram of a NIPS (active NIDS) with firewall

An IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits access between networks in order to prevent intrusion, and it does not signal an attack that originates inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.