[Figure 11.3: A virtual firewall setup. Labels in the figure: Internet, virtual switch, VM, VM, VM, hypervisor.]
An intrusion detection system (IDS) is a device or software application that passively or actively monitors incoming traffic or system activity for malicious software and for unusual activity such as security violations and policy violations. The primary job of an IDS is to detect unusual activity and send alerts to system administrators. There are two main categories of IDS: network-based IDS (NIDS) and host-based IDS (HIDS).
Network-based IDSs are placed at strategic points within the network to monitor traffic, for example on the subnet where the firewalls sit, so that potential threats to those firewalls can be detected.
http://en.wikipedia.org/wiki/Intrusion_detection_system
A host-based IDS, by contrast, runs on an individual machine and monitors only the traffic to and from that host. It takes a snapshot of the current system state and compares it with the previous snapshot to find differences. If critical system files have been modified or deleted, an alert is generated for the system administrators to investigate.
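As an added illustration of the snapshot comparison just described (example code written for this page, not from the book): the script hashes every regular file under a directory, compares the result with an earlier snapshot, and alerts only on files from an administrator-supplied critical list; the sample snapshots and the throwaway `hosts` file are constructed for the demo.

```python
# Added example (not the book's code): file-integrity check in the snapshot style the
# text describes. A snapshot is a dict {relative_path: sha256_hex}; sample data is constructed.
import hashlib
import os
import tempfile

def take_snapshot(root):
    """Hash every regular file under root, keyed by path relative to root."""
    snapshot = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):  # skip sockets, dangling symlinks
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            snapshot[os.path.relpath(full, root).replace(os.sep, "/")] = digest.hexdigest()
    return snapshot

def compare_snapshots(previous, current):
    """Return (modified, deleted, added) paths relative to the previous snapshot."""
    modified = sorted(p for p in previous if p in current and previous[p] != current[p])
    deleted = sorted(p for p in previous if p not in current)
    added = sorted(p for p in current if p not in previous)
    return modified, deleted, added

def alerts(previous, current, critical):
    """Alert only when a file on the critical list was modified or deleted."""
    modified, deleted, _added = compare_snapshots(previous, current)
    out = [f"ALERT modified: {p}" for p in modified if p in critical]
    out += [f"ALERT deleted: {p}" for p in deleted if p in critical]
    return out

# Constructed sample snapshots (digests shortened for readability).
PREVIOUS = {"etc/passwd": "a1", "etc/shadow": "b2", "bin/ls": "c3", "tmp/x": "d4"}
CURRENT = {"etc/passwd": "a1", "etc/shadow": "ff", "tmp/y": "e5"}
CRITICAL = {"etc/passwd", "etc/shadow", "bin/ls"}

def demo_roundtrip():
    """Run take_snapshot before and after tampering with a throwaway file."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "hosts")
        with open(path, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        before = take_snapshot(root)
        with open(path, "a") as fh:
            fh.write("203.0.113.5 example.test\n")  # constructed tampering
        return alerts(before, take_snapshot(root), {"hosts"})
```

Files that merely appear (the `added` list) are reported by `compare_snapshots` but do not raise an alert, matching the text's focus on modified or deleted critical files.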
IDSs can also be passive or active. In a passive system, unusual activity such as a security breach is detected, logged, and signaled to the system administrator. In an active or reactive system, also called an intrusion prevention system (IPS), the system itself launches an automatic response to the detected malicious activity, for example by reprogramming the firewall or resetting the connection. The idea is to protect the firewall and the internal network by blocking network traffic from the suspicious source.
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Commonly, the term IDPS is used to refer to a system that can both detect and prevent suspicious activity.