Intrusion Detection System
An intrusion detection system is a network of devices designed to detect threats to computer systems.
Intrusion detection systems use different techniques to look for suspicious activity such as the following:
- Malicious code such as viruses and worms
- Network attacks
- User activities
- Denial of service attacks
- Malicious activity from within a host
Intrusion detection systems have a variety of uses including protecting a business’s information and assets, detecting attacks on the business or other hosts, and monitoring the performance of the business’s own services.
Intrusion detection as a technology is not new; it has been used for generations to defend valuable resources.
Kings, emperors, and nobles who had wealth used it in a rather interesting way. They built castles and palaces on the tops of mountains and sharp cliffs, with observation towers that gave them a clear overview of the lands below, so they could detect any attempted intrusion ahead of time and defend themselves.
Empires and kingdoms grew and collapsed based on how well intrusions from the enemies surrounding them could be detected. In fact, according to the Greek legend of the Trojan Horse, the people of Crete were defeated by the Greeks because the Greeks managed to penetrate the heavily guarded gates of the city walls.
Purpose of Using Intrusion Detection System
The main goal of an intrusion detection system is to detect security threats by monitoring traffic and the activity on a system. Intrusion detection systems can be software-based, in which case they are typically installed on each workstation or on the network gateway. If installed on the network gateway, the IDS can be accessed by remote users to report suspicious activity.
Intrusion detection systems should be considered as a layer of security on top of the underlying operating systems, network, and services, and not in place of these layers. An IDS should only be installed if there is a clear need to monitor that area of the network.