
What is an Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is like a security guard for computer networks. Its main job is to watch out for any suspicious activities or potential attacks on a computer or network.

Detecting Threats:

  • IDS is designed to find vulnerabilities or weaknesses in a computer system or network.
  • It looks for signs of someone trying to exploit these weaknesses to break into the system.

Intrusion Prevention Systems (IPS):

  • IPS is like an upgraded version of IDS. It not only detects threats but also has the ability to stop them.
  • It can block potential attacks, making it more powerful than traditional IDS.

Out-of-Band Placement:

  • IDS doesn’t actively participate in the direct flow of information. It sits on the sidelines, watching the network traffic but not directly influencing it.

Traffic Analysis:

  • IDS uses a copy of the network traffic (like a duplicate stream) to analyze for any suspicious behavior.
  • It doesn’t disrupt the actual communication but observes a duplicate to avoid causing issues.

Reporting to Administrators:

  • When IDS finds something fishy, it reports the findings to a human administrator.
  • However, it doesn’t automatically fix the problem; it relies on a person to take action.

Not Perfect for Prevention:

  • IDS is not foolproof; attackers can be very quick in exploiting vulnerabilities once they’re inside the network.
  • It’s better at detecting and alerting than actively stopping attacks in real time.
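
The difference between out-of-band detection and inline prevention described above can be shown with one detector run in both placements. This is an added example, not part of the original article: the port-scan rule, its threshold, the sample traffic and all names (`PortScanDetector`, `run_ids`, `run_ips`) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample traffic: (time_s, src_ip, dst_ip, dst_port), documentation-range IPs.
SCANNER, CLIENT, SERVER = "198.51.100.7", "203.0.113.5", "192.0.2.10"
PACKETS = [(0.1 * i, SCANNER, SERVER, p)
           for i, p in enumerate([21, 22, 23, 25, 80, 443, 3389])]
PACKETS += [(1.0 + i, CLIENT, SERVER, 443) for i in range(3)]

class PortScanDetector:
    """Assumed rule: one source touching >= threshold distinct ports within window seconds."""
    def __init__(self, threshold=5, window=10.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(dict)  # src -> {dst_port: last time seen}
        self.flagged = set()

    def inspect(self, pkt):
        ts, src, _dst, port = pkt
        ports = self.seen[src]
        ports[port] = ts
        for old in [p for p, t in ports.items() if ts - t > self.window]:
            del ports[old]  # forget ports that fell out of the window
        if len(ports) >= self.threshold and src not in self.flagged:
            self.flagged.add(src)
            return f"possible port scan from {src} ({len(ports)} ports)"
        return None

def run_ids(packets):
    """Out-of-band: inspect a copy, alert the administrator, deliver everything."""
    det = PortScanDetector()
    mirrored = list(packets)  # stands in for a tap / mirror port
    alerts = [a for a in map(det.inspect, mirrored) if a]
    return list(packets), alerts

def run_ips(packets):
    """Inline: same detector, but traffic from a flagged source is dropped."""
    det, delivered, alerts = PortScanDetector(), [], []
    for pkt in packets:
        alert = det.inspect(pkt)
        if alert:
            alerts.append(alert)
        if pkt[1] not in det.flagged:
            delivered.append(pkt)
    return delivered, alerts

if __name__ == "__main__":
    for name, run in (("IDS", run_ids), ("IPS", run_ips)):
        delivered, alerts = run(packets=PACKETS)
        print(name, "delivered", len(delivered), "of", len(PACKETS), "| alerts:", alerts)
```

Both placements raise the same alert, but the IDS still delivers every packet, while the IPS drops the scanner's traffic once the threshold is crossed. The packets sent before that point get through either way.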
