Intrusion detection guide

With the growing use of the internet, the threats attached to it are also growing. As more and more people are getting dependent on the internet, the hackers are inventing new ways to intrude into their systems and cause havoc for them. By intruding or by gaining unauthorized access to their computers, the hackers can access confidential information or can simply destroy their system and derive sadistic pleasure out of it. Thus, Intrusion Detection Systems (IDS) have become the need of the hour.

The large number of computers accessing the internet and the valuable information they contain has made it the quintessential task to ensure network security before establishing any kind of network. Hackers can adopt different methods to breach network security. The most common of them is gaining unauthorized access to information that is primarily private and confidential. This is very dangerous for a network, as this information can be misused or can be modified by the hacker, which is also known as data diddling. This kind of modification of data can render all the data stored on the computers that are connected to a network useless. Thus, it can result in total chaos and disorder for any organization or individual. Some hackers may even delete the data totally or may release a virus in the network that can corrupt all the files on the computers, including those of the operating system, which can render a computer totally useless. Some other forms of network security threats are remote login capability, SMTP hijacking, DNS, Macros and OS bugs.

Because of these multiplying threats, Intrusion Detection Systems are gaining popularity and have become an integral part of the overall business strategy of an enterprise. The main purpose of an Intrusion Detection System is to identify any passive or active and any internal or external activity that is hostile to a network, and then to alert the concerned system administrator and also block it as it happens. Thus, it detects any unauthorized access or misuse of a computer system and acts like a burglar alarm for a computer. Eventually many different Intrusion Detection Systems have been developed; however, the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors sort out the behavior that deviates from normal system use. Misuse detectors, on the other hand, look for behavior that matches a known attack scenario. Another sub-category of Intrusion Detection Systems is Network Intrusion Detection Systems (NIDS). These systems look out for suspicious activity and monitor the packets. Network Intrusion Detection Systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one.

Usually it is assumed that people outside the networks try to break into them and gain access to the private and confidential information. However, the truth may be different for the big corporate houses. Here, the insiders pose a greater threat to the information and the overall security of the network. This is because they have the insider's knowledge of the workings of the company.

Hence, though the network security threats are multiplying with the size of the network, we can still secure our networks by acting judiciously and by having the necessary Intrusion Detection Systems on our networks.
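
The two detection categories described above, as an added example that is not part of the original guide: a misuse detector that matches one known attack scenario (repeated failed logins followed by a success) and an anomaly detector that flags deviation from each user's normal activity. The log records, baseline counts, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from a real network): (minute, source, user, outcome)
LOGINS = [
    (1, "192.0.2.5", "alice", "ok"), (2, "192.0.2.6", "bob", "ok"),
    (10, "192.0.2.9", "root", "fail"), (10, "192.0.2.9", "root", "fail"),
    (11, "192.0.2.9", "root", "fail"), (11, "192.0.2.9", "root", "fail"),
    (12, "192.0.2.9", "root", "fail"), (12, "192.0.2.9", "root", "ok"),
]
# Constructed baseline: file reads per day for each user over the past week.
BASELINE = {"alice": [4, 5, 6, 5, 4, 6, 5], "bob": [2, 3, 2, 3, 2, 3, 2]}
TODAY = {"alice": 5, "bob": 40}

def misuse_detect(events, threshold=5, window=5):
    """Known attack scenario: `threshold` or more failed logins from one source
    for one user within `window` minutes, followed by a successful login."""
    fails = defaultdict(list)  # (source, user) -> minutes of recent failures
    alerts = []
    for minute, src, user, outcome in sorted(events, key=lambda e: e[0]):
        key = (src, user)
        fails[key] = [m for m in fails[key] if minute - m <= window]
        if outcome == "fail":
            fails[key].append(minute)
        elif len(fails[key]) >= threshold:
            alerts.append((minute, src, user))
            fails[key].clear()
    return alerts

def anomaly_detect(baseline, observed, k=3.0, min_std=1.0):
    """Flag users whose activity today deviates from their own normal use
    by more than k standard deviations; no attack signature is needed."""
    flagged = {}
    for user, count in observed.items():
        history = baseline.get(user)
        if not history:  # no profile yet: cannot judge deviation
            continue
        std = max(pstdev(history), min_std)  # floor avoids alerts on flat baselines
        z = (count - mean(history)) / std
        if abs(z) > k:
            flagged[user] = round(z, 1)
    return flagged

if __name__ == "__main__":
    print("misuse alerts:", misuse_detect(LOGINS))
    print("anomaly alerts:", anomaly_detect(BASELINE, TODAY))
```

The misuse detector only fires on the pattern it was written for, while the anomaly detector catches bob's unusual volume, typical of insider activity, without any signature, at the cost of needing a trustworthy baseline.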