
IDS Definition

Expert – Cybersecurity


IDS stands for Intrusion Detection System. It is software or hardware designed to monitor a network for malicious activity or potential security attacks and report them to a system administrator. The information collected by an IDS is stored inside a security information and event management (SIEM) system. Anti-virus software and firewalls running on your computer system are the most common examples of IDS.

However, IDS are only prevention systems that can monitor, detect, and alert about malicious or suspicious activities; ultimately, they aren’t designed to stop the attacks. They’re either signature-based or behavior-based, depending on how they analyze data on a system. A signature-based IDS analyzes the system for misuse, and a behavior-based IDS analyzes the system for anomalies.

IDS Classification

The IDS definition is not complete without its classification. IDS are classified into two types, both based on deployment.

    1. Network Intrusion Detection System (NIDS)
      NIDS is designed to monitor the entire network. Network intrusion detection systems are strategically placed at multiple points within a network to monitor the traffic from all devices connected to the network, such as desktops, laptops, and mobile phones. NIDS frequently analyzes the network traffic and checks it against a list of known attacks. If a potential attack or abnormal behavior is detected while analyzing the traffic, it alerts the system admin.
    2. Host Intrusion Detection System (HIDS)
      HIDS is placed on a single host, where it monitors and checks for any suspicious or malicious activity on that host. HIDS takes snapshots of the host system at different time intervals and compares them with each other. Any change detected between snapshots due to malicious or suspicious activity triggers an alert to the system administrator. HIDS typically analyzes the operating system files, software, logs, and network connections made by the host system.

NIDS and HIDS are both recommended in order to implement a complete intrusion detection system. NIDS is designed to monitor the network traffic and HIDS is designed to monitor the system for internal system compromises.
