INTRUSION DETECTION SYSTEMS:
With global Internet connectivity, network security has gained significant attention in the research and industrial communities. An Intrusion Detection System (IDS) is software designed to detect unwanted attempts at accessing, manipulating or disabling computer systems, especially through a network. It is a specialized tool that knows how to parse and interpret network traffic and host activities.
The main goal of an IDS is to detect intrusions and intrusion attempts within the network, allowing a knowledgeable administrator to take appropriate mitigation and remediation steps. An IDS will not prevent these attacks, but it will let you know when they occur. IDSs analyze network traffic and generate alerts when malicious activity is discovered. They are generally able to reset TCP connections by issuing specially crafted packets after an attack begins, and some are even able to interface with firewall systems to rewrite firewall rule sets on the fly.
The purpose of intrusion detection is to provide monitoring, auditing, forensics and reporting of malicious network activity, including:
• Preventing network attacks
• Identifying the intruders
• Preserving logs, in case the incident leads to criminal prosecution.
Intrusion detection systems are classified into two general types, known as signature-based and heuristic-based. IDSs that operate on a single workstation are known as Host Intrusion Detection Systems (HIDS), while those that operate as stand-alone devices on a network are known as Network Intrusion Detection Systems (NIDS).
INTRUSION PREVENTION SYSTEMS:
Intrusion Prevention Systems (IPSs) have become widely recognized as a powerful tool and an important element of IT security safeguards. An IPS is any device that has the ability to detect attacks, both known and unknown, and prevent the attack from being successful. IPS technologies are differentiated from IDS technologies by one characteristic, i.e., IPS technologies can respond to a detected threat by attempting to prevent it from succeeding.
The IPS not only detects the bad packets produced by malicious code, botnets, viruses and targeted attacks, but can also take action to prevent those network activities from causing damage on the network. The attacker's main motive is to obtain sensitive data or intellectual property, so they are interested in whatever they can get from customer data, such as employee information, financial records, etc. The IPS is designed to provide protection for assets, resources, data and networks.
• IPS stops the attack itself
• IPS changes the security environment
COMPONENTS OF AN IDS/IPS:
IDS/IPS systems typically consist of the following components:
• Data pre-processor - Collects the raw data and formats it for the detection algorithm.
• Detection algorithm - Classifies audit records as "normal" or "intrusive".
• Alert filter - Based on the decision criteria and the detected intrusive activities, estimates their severity and alerts the operator or manages the response (usually blocking, in an IPS).
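A minimal version of that three-stage pipeline, as an added example that is not from the original notes: the record format, the signature set, the heuristic (many distinct destination ports from one source) and the scan threshold are all constructed assumptions, and the detector combines the signature-based and heuristic-based approaches named in the IDS section.

```python
import re
from collections import defaultdict

# Constructed sample traffic (not real captures), one record per line: "src_ip dst_ip dst_port payload"
SAMPLE_RECORDS = """\
10.0.0.5 192.168.1.10 80 GET /index.html
10.0.0.9 192.168.1.10 80 GET /cgi-bin/../../etc/passwd
10.0.0.7 192.168.1.10 22 SSH-2.0-OpenSSH
10.0.0.7 192.168.1.10 23 login
10.0.0.7 192.168.1.10 25 EHLO mail
10.0.0.7 192.168.1.10 80 GET /
10.0.0.7 192.168.1.10 443 ClientHello""".splitlines()

# Constructed signature file (assumed format): rule name -> (regex over the payload, severity)
SIGNATURES = {"path-traversal": (re.compile(r"\.\./"), "high")}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

def preprocess(lines):
    """Data pre-processor: turn raw lines into structured records for the detector."""
    records = []
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) != 4 or not parts[2].isdigit():
            continue  # drop malformed input instead of crashing the pipeline
        records.append({"src": parts[0], "dst": parts[1], "port": int(parts[2]), "payload": parts[3]})
    return records

def detect(records, scan_threshold=4):
    """Detection algorithm: signature matching plus a heuristic (distinct ports per source)."""
    findings, ports_by_src = [], defaultdict(set)
    for r in records:
        for name, (pattern, severity) in SIGNATURES.items():
            if pattern.search(r["payload"]):
                findings.append({"rule": name, "src": r["src"], "severity": severity})
        ports_by_src[r["src"]].add(r["port"])
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            findings.append({"rule": "port-scan", "src": src, "severity": "medium"})
    return findings

def alert_filter(findings, min_severity="medium"):
    """Alert filter: drop findings below the severity floor, dedupe per (rule, source), worst first."""
    floor = SEVERITY_RANK[min_severity]
    unique = {(f["rule"], f["src"]): f for f in findings if SEVERITY_RANK[f["severity"]] >= floor}
    return sorted(unique.values(), key=lambda f: -SEVERITY_RANK[f["severity"]])

def run_pipeline(lines, min_severity="medium"):
    """Wire the three components together; returns the alerts an operator would see."""
    return alert_filter(detect(preprocess(lines)), min_severity)
```

Running `run_pipeline(SAMPLE_RECORDS)` yields a high-severity path-traversal alert for 10.0.0.9 and a medium port-scan alert for 10.0.0.7; raising `min_severity` to "high" suppresses the heuristic finding, which is the filter's job in the third component.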
CHARACTERISTICS OF IPS AND IDS:
There are some common characteristics of IPS and IDS. These are:
1. While IDS and IPS are an important feature in a layered security deployment, products falling under these categories only partially address the unique requirements of networks.
2. Host-based IDS and IPS systems cannot provide the security zone segmentation and quarantine functions critical to preventing the spread of worms and attacks within the network.
3. The attack protection capabilities of IPS and IDS are limited to the specific devices on which the products are installed.
4. Both IDS and IPS primarily rely on outdated signature files or other response-based security mechanisms to offer limited real-time protection.
5. Both IPS and IDS tools are designed to monitor network activity for signs of misuse.