What is an intrusion detection system? Well, in its simplest definition an Intrusion Detection System (IDS) is a cyber burglar alarm!
Now, there are different types of these cyber burglar alarms. There are host-based IDSs and network-based IDSs. Host-based IDSs are similar to a home burglar alarm. A host-based IDS’s job is to protect the computer and all of the valuables contained within it.
A network-based IDS is more akin to security cameras at a mall. A network-based IDS monitors the traffic across the network (walkways and escalators) that is heading to different hosts (stores).
Within the categories of host-based and network-based intrusion detection systems, there is a further set of sub-categories: signature-based and behavior-based. Behavior-based IDSs are simple. If it looks like a duck and it walks like a duck, then it is, in fact, a duck.
However, these IDSs are prone to false positives, i.e. if it looks like a goose but talks like a duck, then it must be a duck.
Signature-based IDSs are a little different. Signature-based IDSs take a fingerprint (hash) of every piece of software that is on a computer or network, match it against a list of known malicious hashes (fingerprints of the bad guys), and alert if a match is found.
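To make the two sub-categories concrete, here is a small added example (written for this page, not code from the original post) of a toy host-based IDS with both halves: a signature matcher that hashes files and looks them up in a blocklist, and a behavior matcher that builds a per-user baseline and flags sessions that deviate from it. The "files", the blocklist hash and the session records are all constructed for illustration; nothing here is real malware or real telemetry. It also shows the goose-versus-duck false positive from the previous paragraph: a legitimate large backup trips the same rule as a real data theft, because the detector only sees the behavior, not the intent.

```python
"""Toy host-based IDS: a signature matcher and a behavior baseline.
All inputs are constructed for illustration; nothing here is real malware or real telemetry."""
import hashlib
import statistics
from collections import defaultdict

# Constructed "files" on the host (name -> bytes). The dropper is a fake byte string.
SAMPLE_FILES = {
    "notes.txt": b"quarterly planning notes\n",
    "installer.bin": b"MZ constructed fake dropper payload",
    "report.pdf": b"%PDF-1.4 constructed harmless document",
}

# Constructed blocklist of SHA-256 hashes ("fingerprints of the bad guys").
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ constructed fake dropper payload").hexdigest(): "fake-dropper (constructed)",
}


def signature_scan(files, blocklist):
    """Hash every file and alert on any hash present in the blocklist."""
    alerts = []
    for name, content in files.items():
        digest = hashlib.sha256(content).hexdigest()
        if digest in blocklist:
            alerts.append({"file": name, "match": blocklist[digest], "sha256": digest})
    return alerts


# Constructed per-user baseline: bytes sent (in KB) per session during a quiet week.
BASELINE_SESSIONS = [
    ("alice", 100), ("alice", 120), ("alice", 110), ("alice", 130), ("alice", 140),
    ("bob", 200), ("bob", 210), ("bob", 190), ("bob", 205), ("bob", 195),
]

# Constructed new sessions: alice steals data, bob runs a legitimate backup,
# carol is a brand-new account with no baseline at all.
NEW_SESSIONS = [
    ("alice", 115),   # normal
    ("alice", 5000),  # the duck: real data theft
    ("bob", 4000),    # the goose: legitimate backup that looks like data theft
    ("carol", 50),    # unknown user, nothing to compare against
]


def build_baseline(sessions):
    """Per-user mean and population standard deviation of bytes sent."""
    per_user = defaultdict(list)
    for user, sent in sessions:
        per_user[user].append(sent)
    return {u: (statistics.mean(v), statistics.pstdev(v)) for u, v in per_user.items()}


def behavior_scan(baseline, sessions, k=3.0):
    """Flag sessions more than k standard deviations above the user's mean.
    Users with no baseline are reported separately rather than guessed at."""
    alerts, unknown = [], []
    for user, sent in sessions:
        if user not in baseline:
            unknown.append(user)
            continue
        mean, sd = baseline[user]
        # If the baseline never varied (sd == 0), any increase over the mean is flagged.
        limit = mean + k * sd
        if sent > limit:
            alerts.append({"user": user, "sent": sent, "limit": round(limit, 1)})
    return alerts, unknown


if __name__ == "__main__":
    for a in signature_scan(SAMPLE_FILES, KNOWN_BAD_SHA256):
        print("SIGNATURE ALERT", a)
    flagged, unknown = behavior_scan(build_baseline(BASELINE_SESSIONS), NEW_SESSIONS)
    for a in flagged:
        print("BEHAVIOR ALERT", a)
    print("no baseline for:", unknown)
```

Run as a script it raises one signature alert (installer.bin) and two behavior alerts (alice and bob). The second of those is the false positive the post warns about: the rule cannot tell a backup from an exfiltration, so an analyst still has to triage it. Note also that the signature half only catches content whose hash is already on the list; a changed byte produces a different hash and no alert, which is the flip side of its low false-positive rate.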
Each type has its specific use cases, benefits, and drawbacks and the one you choose will depend on your specific business requirements.
Well there you have it folks, intrusion detection systems in a nutshell!
Until next time!