What Are Intrusion Detection Systems?

As computer hackers and identity thieves become more computer literate,
the security your computer needs to keep them out has to stay at least
one step ahead. One type of computer safety tool detects an attack or
system intrusion before it has the chance to harm your computer. It is
called an IDS, or Intrusion Detection System, and is another form of
application layer firewall. Intrusion detection systems are programmed to
detect attempted malicious attacks or intrusions by computer hackers
trying to get into your system by detecting inappropriate, incorrect, or
anomalous activity.

There does seem to be some question of how well this system works now
that many personal computer users are moving to wireless online
connections. Some will argue that the adoption of intrusion prevention
technologies has created a unique challenge for security professionals.
To make this type of system effective, monitoring these devices requires
extensive security expertise and time. If devices are incorrectly tuned
and not regularly updated, malicious traffic and intrusions may be
permitted. To prevent downtime, security professionals must also
continually check on these devices to keep the system running smoothly.

There are three different types of intrusion detection systems.

A Host-Based Intrusion Detection System consists of an agent on a host
that can identify intrusions by analyzing system calls, application logs,
and host activities.

A Network Intrusion Detection System is an independent platform that
identifies intrusions by examining network traffic and monitors multiple
hosts. Such systems gain access to network traffic by connecting to a
hub, a network switch configured for port mirroring, or a network tap.

Hybrid Intrusion Detection Systems combine both approaches: the host
agent data is combined with network information to form a complete view
of the network.

A Signature-Based Intrusion Detection System identifies intrusions by
watching for patterns of traffic or application data presumed to be
malicious. These types of systems are presumed to be able to detect only
'known' attacks. However, depending on their rule set, signature-based
IDSs can sometimes detect new attacks which share characteristics with
old attacks, e.g., accessing 'cmd.exe' via an HTTP GET request.
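
As an added illustration (not part of the original article), the sketch
below applies one signature for 'cmd.exe' in HTTP GET requests to
constructed web-server log lines, and shows how decoding the URI first
lets the same rule catch encoded variants. The rule name, log format and
sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Hypothetical rule set for illustration; names and patterns are assumptions.
SIGNATURES = {
    "http-get-cmd-exe": re.compile(r"cmd\.exe", re.IGNORECASE),
}

# Matches the request portion of a common-log-format line.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d"')


def normalize(uri, max_rounds=3):
    """Percent-decode until stable so encoded variants hit the same rule."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def inspect(log_line):
    """Return the names of signatures that fire on one access-log line."""
    match = REQUEST.search(log_line)
    if match is None or match.group("method") != "GET":
        return []  # this rule set only covers GET requests
    uri = normalize(match.group("uri"))
    return [name for name, pattern in SIGNATURES.items() if pattern.search(uri)]


def scan(lines):
    """Return (line_number, signature_names) for every line that alerts."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        hits = inspect(line)
        if hits:
            alerts.append((number, hits))
    return alerts


# Constructed sample lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.66 - - [01/Jan/2024:10:00:01 +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 0',
    '192.0.2.66 - - [01/Jan/2024:10:00:02 +0000] "GET /scripts/CMD%2Eexe HTTP/1.0" 404 0',
    '192.0.2.66 - - [01/Jan/2024:10:00:03 +0000] "GET /scripts/cmd%252Eexe HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/commands.html HTTP/1.1" 200 900',
]
```

A request that does not fit the rule's scope, such as the same path sent
with a different method, passes unnoticed, which is the 'known attacks
only' limitation in practice.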

An Anomaly-Based Intrusion Detection System identifies intrusions by
notifying operators of traffic or application content presumed to be
different from 'normal' activity on the network or host. Anomaly-based
IDSs typically achieve this with self-learning.
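
As an added illustration (not part of the original article), the sketch
below shows one simple form of self-learning: a detector that learns a
running baseline of a metric and alerts on large deviations from it. The
metric (requests per minute), the threshold, the warm-up length and the
sample values are assumptions made for the example.

```python
import math


class BaselineDetector:
    """Learns a running mean/variance of a metric and flags large deviations."""

    def __init__(self, threshold=3.0, warmup=5):
        self.threshold = threshold  # alert when |z-score| exceeds this
        self.warmup = warmup        # observations to learn before alerting
        self.count = 0
        self.mean = 0.0
        self.m2 = 0.0               # running sum of squared deviations (Welford)

    def _learn(self, value):
        self.count += 1
        delta = value - self.mean
        self.mean += delta / self.count
        self.m2 += delta * (value - self.mean)

    def zscore(self, value):
        """Distance of value from the learned mean, in standard deviations."""
        if self.count < 2:
            return 0.0
        std = math.sqrt(self.m2 / (self.count - 1))
        # A perfectly flat baseline has no spread to measure against.
        return (value - self.mean) / std if std > 0 else 0.0

    def observe(self, value):
        """Score one observation; return True if it is anomalous."""
        if self.count >= self.warmup and abs(self.zscore(value)) > self.threshold:
            # Flagged values are not learned, so a burst cannot become "normal".
            return True
        self._learn(value)
        return False


def find_anomalies(series, **kwargs):
    """Return the indexes of observations the detector flags."""
    detector = BaselineDetector(**kwargs)
    return [i for i, value in enumerate(series) if detector.observe(value)]


# Constructed sample: requests per minute seen from one host.
REQUESTS_PER_MINUTE = [42, 38, 45, 40, 41, 39, 44, 43, 400, 41, 37, 390, 42]

if __name__ == "__main__":
    print(find_anomalies(REQUESTS_PER_MINUTE))
```

Lowering the threshold catches smaller deviations at the cost of more
false alerts, which is the tuning burden the article describes.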

Features and Benefits

The Managed Intrusion Prevention Service includes:

Configure and provision device

Create initial policy; update and tune policy on an ongoing basis

Monitor and report on health and security events 24x7

Industry leading Service Level Agreement

Report all security events on the Client Resource Portal

Flexible reporting options on Client Resource Portal

Notify customers of major security and health issues

Upgrade and patch devices

Seamless integration with VeriSign's Incident Response and Computer
Forensics team

Whether used for detection or prevention, Intrusion SecureNet technology
is peerless in accurately detecting attacks and proactively reporting
indicators of future information loss or service interruption. Using
pattern matching for performance and protocol decoding to detect
intentional evasion and polymorphic or patternless attacks, as well as
protocol and network anomalies before a new attack has a signature
created, the SecureNet System is ideal for protecting critical networks
and valuable information assets.