
Thursday, March 5, 2020

The pros and cons of the intrusion detection system

With its versatile technology, an intrusion detection system can detect attacks that a conventional firewall cannot. It analyzes data packets up to the highest layer of the OSI model and, to do so, monitors the individual applications being executed. Because of the way they work, anomaly detection systems can also detect new and changing attack patterns, thereby increasing network security. However, do not assume that IDS software can replace the firewall: only a combination of the two security components provides optimal protection.

Since intrusion detection systems are active components of a network, they can also be a potential target for attack, especially if the intruder is aware of them. Because they are vulnerable to DoS attacks, that is to say targeted overload, IDS software can be put out of action in a very short time. In addition, an attacker can take advantage of the automatic notification function of intrusion detection systems in order to launch DoS attacks from the IDS. Anomaly detection in particular is a major weakness here if it is configured incorrectly: if the settings are too sensitive, the number of alert messages is relatively high, even in the absence of unauthorized access.

In any case, you need to assess the costs, effort and benefits of these security systems, because you need not only the IDS software but also the appropriate hardware environment. And even though there are powerful open source solutions, such as the network-based Snort, the host-based Samhain or the hybrid system Suricata, they still have to be correctly installed, configured and maintained.


Thursday, February 27, 2020

What is an Intrusion Prevention System (IPS)?

In times of data leakage, with constant leaks at e-commerce companies and the impact on the retail sector, which suffers an average of 4,000 information security threats each year according to the Global State of Information Security Survey released by PwC in 2017, prevention becomes a strategic priority.

Intrusion detection (IDS) and intrusion prevention (IPS), because together we are stronger

With the level of attacks that we see today (the ransomware cases, for example), we cannot think in terms of IDS versus IPS. Despite the differences in concept and applicability, both have the same objective: information security.

On a simple level, the difference is between detection and prevention. While IDS products are designed to inform you that something is trying to enter your system, IPS products try to prevent access.

IDS and IPS are designed for different purposes, but their technologies are similar. An IDS is justified in situations where it is necessary to explain what happened in an attack, while an IPS stops the attacks. In short, an IDS collects information that is not an IPS priority, such as port scans and other scans.


The efficiency of the Intrusion Prevention System - IPS Security

An intrusion prevention system monitors network traffic and can take immediate action when an intrusion occurs, based on a set of rules established by the network administrator, as the nature and speed of an attack require.

Used efficiently, an intrusion prevention system can, for example, discard a packet that it considers malicious and block all traffic from that IP address or port. Traffic that is considered legitimate or secure is forwarded to the recipient without any apparent interruption or delay in the service.

The detection mechanisms monitor and analyze traffic patterns as well as individual packets. This includes address matching, string and HTTP substring matching, TCP connection analysis, and detection of packet anomalies and of traffic anomalies in TCP/UDP port communication.
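
A minimal sketch of the drop-and-block behaviour and of the address, port and substring matching described above. It is an added example, not code from the original post or from any IPS product; the `Rule` and `MiniIPS` names, the two rules and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    name: str
    src_net: str = "0.0.0.0/0"       # address matching (CIDR)
    dst_port: Optional[int] = None   # TCP/UDP destination port, None = any
    substring: bytes = b""           # string / HTTP substring, empty = any

    def matches(self, pkt):
        src = ipaddress.ip_address(pkt["src"])
        if src not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and pkt["dport"] != self.dst_port:
            return False
        return self.substring.lower() in pkt["payload"].lower()

@dataclass
class MiniIPS:
    rules: list
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def inspect(self, pkt):
        """Return 'drop' or 'forward' for one packet."""
        if pkt["src"] in self.blocked:
            return "drop"  # source already blocked: drop, raise no new alert
        for rule in self.rules:
            if rule.matches(pkt):
                self.blocked.add(pkt["src"])  # block all further traffic
                self.alerts.append((rule.name, pkt["src"]))
                return "drop"
        return "forward"  # legitimate traffic passes unchanged

# Constructed rules and packets (documentation address ranges).
RULES = [Rule("traversal-in-http", dst_port=80, substring=b"../"),
         Rule("denied-network", src_net="203.0.113.0/24")]
PACKETS = [
    {"src": "192.0.2.10", "dport": 80, "payload": b"GET /index.html HTTP/1.1"},
    {"src": "198.51.100.7", "dport": 80, "payload": b"GET /f?n=../../x HTTP/1.1"},
    {"src": "198.51.100.7", "dport": 443, "payload": b"hello"},
    {"src": "203.0.113.5", "dport": 22, "payload": b""},
    {"src": "192.0.2.10", "dport": 80, "payload": b"GET /about HTTP/1.1"},
]

def run_demo():
    ips = MiniIPS(RULES)
    return [ips.inspect(p) for p in PACKETS], ips

if __name__ == "__main__":
    verdicts, ips = run_demo()
    print(verdicts, ips.alerts, sorted(ips.blocked))
```

Only the first matching packet from a source raises an alert; later packets from a blocked source are dropped silently, which keeps one noisy source from flooding the notification channel.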