Intrusion Detection System
As explained in the previous section, digital IDs protect the integrity of your data end to end. In contrast, intrusion detection systems (IDSs) detect and prevent intrusions into your systems. IDSs are often referred to as intrusion protection systems or intrusion prevention systems. Chapter 5, "Security Policies," describes in detail how network administrators define the act of breaking into, abusing, or exploiting a system; it also defines the perpetrators of these actions. Intrusion detection is the technology used to detect whether someone is trying to exploit a system.

Although the majority of intrusion attempts actually originate from within an organization and are usually perpetrated by insiders, the most common security measures protect the inside network from the outside world. Outside intruders are often referred to as crackers. Mechanisms are therefore required to continuously detect both inside and outside intrusions. IDSs have proved to be effective solutions for both inside and outside attacks. These systems run constantly in your network, notifying network security personnel when they detect an attempt they consider suspicious.

IDSs have two main components: IDS sensors and IDS management. IDS sensors are the software and hardware used to collect and analyze network traffic. These sensors are available in two types, network IDS and host IDS.
- A host IDS is a server-specific agent that runs on a server with a minimum of overhead to monitor the operating system and applications residing on the server, such as HTTP, SMTP, and FTP.
- A network IDS can be embedded in a networking device, a standalone appliance, or a module to monitor the network traffic.
IDS management, on the other hand, acts as the collection point for alerts and performs configuration and deployment services in the network. Chapter 10 discusses a complete IDS in detail.
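As an added illustration that is not part of the chapter, the following Python sketch models the two components just described: a host-IDS sensor that watches FTP, HTTP and SMTP application events, and a management collection point that groups the sensor's alerts by source. The log lines, the signatures and the failed-login threshold are all constructed for the example and are not taken from any real product.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample application log lines, as a host IDS agent might read
# them from the server it protects (not from any real system).
SAMPLE_LOGS = [
    "ftp src=10.0.0.7 user=admin result=FAIL",
    "ftp src=10.0.0.7 user=admin result=FAIL",
    "ftp src=10.0.0.7 user=admin result=FAIL",
    "ftp src=10.0.0.9 user=alice result=OK",
    "http src=10.0.0.7 path=/cgi-bin/../../etc/passwd",
    "http src=10.0.0.12 path=/index.html",
    "smtp src=10.0.0.7 cmd=VRFY root",
]

@dataclass(frozen=True)
class Alert:
    source: str
    service: str
    reason: str

# Hypothetical signatures, one pattern per monitored application.
SIGNATURES = {
    "http": re.compile(r"path=\S*\.\./"),   # directory traversal attempt
    "smtp": re.compile(r"cmd=VRFY"),        # account enumeration probe
}
FTP_FAIL_THRESHOLD = 3  # assumed threshold for a brute-force alert

def host_sensor(lines, fail_threshold=FTP_FAIL_THRESHOLD):
    """Host-IDS sensor: signature matching plus FTP failed-login counting."""
    alerts = []
    ftp_failures = defaultdict(int)
    for line in lines:
        tokens = line.split()
        if not tokens:
            continue
        service = tokens[0]
        fields = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        src = fields.get("src", "?")
        if service == "ftp" and fields.get("result") == "FAIL":
            ftp_failures[src] += 1
            if ftp_failures[src] == fail_threshold:  # alert once per source
                alerts.append(Alert(src, "ftp", f"{fail_threshold} failed logins"))
        elif service in SIGNATURES and SIGNATURES[service].search(line):
            alerts.append(Alert(src, service, "signature match"))
    return alerts

def management_console(alerts):
    """IDS management: collection point that groups sensor alerts by source."""
    per_source = defaultdict(list)
    for a in alerts:
        per_source[a.source].append(f"{a.service}: {a.reason}")
    return dict(per_source)
```

Running `management_console(host_sensor(SAMPLE_LOGS))` shows every alert converging on the single source 10.0.0.7, which is the correlation a management console adds over individual sensor events.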