Thursday, May 17, 2012

Computers on Alert with Intrusion Detection Systems

August 23, 2010 by  

An intrusion detection system (IDS) is integral to the strategy of an enterprise security program. But what exactly is meant by an intrusion detection system? As a general definition, an intrusion detection system is a system that raises an alert when unauthorized access to, or misuse of, a computer system occurs. You can think of it as a home security and alarm system, except that it protects computers.

Some intrusion detection systems will also activate a fallback or corrective procedure when a threat is detected. There are many variations of intrusion detection systems; however, for the most part they fit into one of two main categories. The first category consists of systems that look for anomalies in system behavior, that is, anything out of the ordinary when compared with day-to-day use. The second main category is detection of misuse. To detect misuse, the activity must be matched against behavior that would indicate an attack. As you can imagine, intrusion detection is a very complex science, and much work has been put into it.
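The two categories can be compared side by side on the same events. The sketch below is an added example, not code from the original article or from any product it names; the event format, user names, thresholds and alert labels are all assumptions made for illustration.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample events: (user, hour of day, login outcome). Not real logs.
BASELINE = (
    [("alice", h, "ok") for h in (9, 10, 11, 14, 16)]
    + [("bob", h, "ok") for h in (8, 9, 13, 15, 17)]
    + [("carol", h, "ok") for h in (9, 10, 11, 12, 13)]
)
TODAY = (
    [("alice", 10, "ok"), ("bob", 3, "ok")]   # bob logs in at 03:00
    + [("carol", 11, "fail")] * 5             # burst of failed logins
    + [("carol", 11, "ok")]
)

def misuse_alerts(events, max_failures=5):
    """Misuse detection: match activity against a known attack pattern,
    here 'max_failures or more failed logins for one account'."""
    failures = Counter(u for u, _, outcome in events if outcome == "fail")
    return [(u, "repeated-failed-logins")
            for u, n in sorted(failures.items()) if n >= max_failures]

def build_profile(events):
    """Learn each user's normal login hours as (mean, standard deviation)."""
    hours = {}
    for user, hour, _ in events:
        hours.setdefault(user, []).append(hour)
    return {u: (mean(h), pstdev(h)) for u, h in hours.items()}

def anomaly_alerts(events, profile, threshold=2.5):
    """Anomaly detection: flag logins far from the user's day-to-day pattern.
    Simplification: hours are treated as linear, not wrapped around midnight."""
    alerts = []
    for user, hour, _ in events:
        if user not in profile:
            alerts.append((user, "no-baseline"))
            continue
        mu, sigma = profile[user]
        # Floor sigma at 1 hour so very regular users do not alert on tiny shifts.
        if abs(hour - mu) > threshold * max(sigma, 1.0):
            alerts.append((user, "unusual-hour"))
    return alerts

if __name__ == "__main__":
    print("misuse: ", misuse_alerts(TODAY))
    print("anomaly:", anomaly_alerts(TODAY, build_profile(BASELINE)))
```

On this sample, the misuse rule flags only carol and the anomaly check flags only bob, which shows why the two approaches are usually run together.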

A subcategory of intrusion detection system is known as NIDS, or network intrusion detection system. A network intrusion detection system's main function is to examine network packet traffic and raise warnings if any activity indicates that a possible threat is occurring. Network intrusion detection systems can monitor several computers or just focus on a single computer.

Do you know who is accessing your computer?

The biggest mistake people make when the topic of software hackers comes up is assuming that attackers do their deeds from outside the local network. However, the truth is that most security incidents involving company computers come from employees. Employees on the inside know more about how to get into the computer system, and in many cases they know the passwords of other people within the company.

Just how do the attackers get access to a system?

Attackers or intruders will take the easiest route into a system first. The easiest route is, of course, already having physical access to the enterprise system. It is hard to stop someone who appears to the computer to be a valid user of the system, because nothing wrong will be detected initially. Even the lowest level of access to a system can be an advantage, because there is always a possibility that higher access can be gained by searching for and finding holes in a user's security profile. Then there are those who access systems remotely, who have traditionally been high security risks. Remote access becomes less of a security risk as remote intrusion detection methods become more advanced.

Some Intrusion Detection Systems (Open Source)

AIDE. The acronym stands for Advanced Intrusion Detection Environment. It is a free substitute for another product known as Tripwire. All of the functionality present in Tripwire (which is not free) is found in AIDE, and more has been added. Its website can be found at http://sourceforge.net/projects/aide.

Snort. This intrusion detection system implements its own language based on a set of rules. You can find their product at www.snort.org.

File System Saint. This is an intrusion detection system that is host-based. Its website can be found at http://sourceforge.net/projects/fss.

More Intrusion Detection Systems (Commercial)

Some of the commercial intrusion detection systems include Tripwire (www.tripwire.com), Touch Technology, Inc’s POLYCENTER Security Intrusion Detector (www.ttinet.com), Internet Security System’s Real Secure Server Sensor (www.iss.net), and eEye Digital Security’s Real Secure Server Sensor (www.iss.net).

Article Source: http://www.spywaretool.com
