IDS stands for Intrusion Detection System: software or hardware designed to monitor a network for malicious activity or potential security attacks and report it to a system administrator. The information an IDS collects is stored in a security information and event management (SIEM) system. The most common examples of this kind of system are the anti-virus software and firewalls that you run on your computer.
An IDS is a detection system only: it can monitor, detect, and alert on malicious or suspicious activity, but it is not designed to stop attacks. An IDS is either signature-based or behavior-based, depending on how it analyzes data on a system: a signature-based IDS checks the system for known misuse patterns, while a behavior-based IDS checks the system for usage anomalies.
The classifications of IDS
- Network Intrusion Detection System (NIDS)
NIDS is designed to monitor the entire network. Network intrusion detection systems are strategically placed at multiple points within a network to monitor traffic from all devices connected to it, such as desktops, laptops, and mobile phones. A NIDS regularly analyzes the network traffic and checks it against a list of known attacks. If a potential attack or abnormal behavior is detected while analyzing the traffic, it alerts the system administrator.
- Host Intrusion Detection System (HIDS)
HIDS is installed on a single host and monitors that host for suspicious or malicious activity. It takes snapshots of the host system at different time intervals and compares them with each other. If a change between snapshots is caused by malicious or suspicious activity, HIDS alerts the system administrator. HIDS typically analyzes the operating system's files, installed software, logs, and the network connections made by the host.
Those are the two types of IDS, classified by where they are deployed.
It is recommended to deploy both NIDS and HIDS to build a complete intrusion detection system, since NIDS is designed to monitor network traffic while HIDS is designed to monitor the host for internal system compromises.
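The HIDS snapshot-and-compare mechanism described above, as an added example that is not part of the original article: each snapshot maps every file under a root directory to its SHA-256 digest, and two snapshots are diffed into added, removed and modified files that become alerts. The directory layout and the changes made between snapshots are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            state[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state


def compare_snapshots(before, after):
    """Classify differences between two snapshots as added, removed or modified files."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def alerts(diff):
    """Render one alert line per change, the kind of message a HIDS sends to the administrator."""
    return [f"ALERT {kind}: {path}" for kind in ("added", "removed", "modified") for path in diff[kind]]


def demo():
    """Constructed scenario: baseline a directory, alter it, then diff the two snapshots."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "banner.txt").write_text("welcome\n")
        baseline = snapshot(root)
        # Constructed changes that occur between two snapshot intervals
        (root / "etc" / "app.conf").write_text("debug=true\n")  # content modified
        (root / "etc" / "banner.txt").unlink()                  # file removed
        (root / "bin").mkdir()
        (root / "bin" / "unknown").write_bytes(b"\x7fELF")      # file added
        diff = compare_snapshots(baseline, snapshot(root))
    return diff, alerts(diff)


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```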