sensor analytics
In the world of network and information security, Intrusion Detection and Intrusion Prevention Systems (IDS, IPS) have been likened to a burglar alarm and an electric fence, respectively. The former (IDS) mostly warns and generates alarms for intrusions or attacks on the network / information infrastructure, while the latter (IPS) actively tries to block any disruption of or attack on the network.
An Intrusion Detection System is considered a 'passive' security solution, as its main objective is to generate alarms that alert administrators to suspicious activity in the network, such as reconnaissance attacks, application exploits, system compromise, virus / worm activity, etc. There are generally two types of IDS: Network IDS (NIDS), which monitors the activity of an entire network segment, and Host IDS (HIDS), which is installed on a particular server and inspects only the traffic on that server. The detection mechanism is usually based on a built-in database of attack signatures and patterns. To detect malicious activity, the system collects traffic (at either the network or the host level) and compares it against its signature database to match known attacks. If there is a match, the system triggers an alarm. It is essential that the system updates its signature database regularly. This creates management overhead, but it is necessary to keep track of new attacks, exploits, viruses, etc. Because the system is a passive inspection service (it does not interfere with traffic), it avoids the headache of blocking legitimate traffic because of false positive alarms. Just for the record, a false positive alarm occurs when the IDS sensor falsely reports a legitimate operation as hazardous.
On the other hand, an Intrusion Prevention System is considered an 'active' security solution because it can interfere with the flow of data and block or deny traffic detected as malicious. IPS is the evolution of IDS in network security. It combines the blocking ability of a firewall with the deep inspection capability of an IDS to obtain a new function called Intrusion Prevention. In addition to the signature database of known attack patterns, IPS systems typically employ a database of generic attack behavior, which helps to stop some unknown attacks. This feature is sometimes called 'zero-day threat prevention'. A zero-day event or threat is a virus or other malicious code that is so new that anti-virus and anti-spyware software has not yet been updated to defend against it. One of the main problems associated with IPS deployment is the possibility of blocking legitimate traffic after a false positive identification of an attack. This problem does not exist in an IDS, as it works transparently alongside the data flow. It is usually a good idea to configure the IPS device to work as an IDS for an initial 'training' period, to collect traffic and help the administrator identify false positive flows. You can then exclude these false positive traffic flows from the control engine and configure the system to work as an IPS.
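The training workflow described above, as an added example (not code from the original page): a toy signature matcher run first in IDS mode, then as an IPS with the administrator's reviewed false positives excluded. The signatures, flows, addresses and function names are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed signatures (id -> pattern); a real sensor ships thousands of these.
SIGNATURES = {
    "SIG-1001 path traversal": re.compile(rb"\.\./\.\./"),
    "SIG-1002 passwd file read": re.compile(rb"/etc/passwd"),
}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    payload: bytes

def inspect(flows, mode, exclusions=frozenset()):
    """Return (alerts, forwarded); mode is 'ids' (alert only) or 'ips' (alert and drop).
    exclusions holds (signature id, src, dst) tuples marked as false positives
    by the administrator during the IDS-mode training period."""
    if mode not in ("ids", "ips"):
        raise ValueError(mode)
    alerts, forwarded = [], []
    for flow in flows:
        hits = [sid for sid, pat in SIGNATURES.items()
                if pat.search(flow.payload)
                and (sid, flow.src, flow.dst) not in exclusions]
        alerts.extend((sid, flow) for sid in hits)
        # An IDS never interferes with traffic; an IPS drops what it matched.
        if mode == "ids" or not hits:
            forwarded.append(flow)
    return alerts, forwarded

# Constructed sample traffic (documentation address ranges).
BACKUP = Flow("192.0.2.10", "192.0.2.20", b"rsync manifest: /etc/passwd /etc/hosts")
ATTACK = Flow("203.0.113.7", "192.0.2.20", b"GET /view?f=../../../../etc/passwd")
NORMAL = Flow("198.51.100.4", "192.0.2.20", b"GET /index.html")
TRAFFIC = [BACKUP, ATTACK, NORMAL]

def train_then_enforce(traffic, reviewed_false_positives):
    """Run in IDS mode, apply the administrator's review, then enforce as IPS."""
    training_alerts, _ = inspect(traffic, "ids")
    exclusions = frozenset((sid, f.src, f.dst) for sid, f in training_alerts
                           if f in reviewed_false_positives)
    return inspect(traffic, "ips", exclusions)

if __name__ == "__main__":
    print(inspect(TRAFFIC, "ips")[1])                # untuned IPS drops BACKUP too
    print(train_then_enforce(TRAFFIC, {BACKUP})[1])  # tuned IPS forwards it
```

The exclusion is scoped to one signature and one source/destination pair, so the same signature still blocks the matching request from any other host.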
The conclusion is that both IDS and IPS systems can be very useful for network security, because they act as your 'inside' eye on the data flowing through the network and help identify and block attacks.