Intrusion Detection Systems - Essay Example

Intrusion detection systemsIntroductionIntrusion detection systems (IDS) are software application that inspects inbound and outbound network activity for suspicious activities that may show a security breach. IDS systems use all the available information in a bandwidth in order to detect intrusion.Question oneIDS use its own language for analysis from lipcap data or a networking data. The unit detects signals from a network interface card which operates in separating management interface. Some IDS use a packet analyzer that operates under a command line by allowing a user to intercept the signals transmitted over a network (Kargl, 01)Question two A passive monitoring system transmits signals to the owner after a security breach by utilizing a sensor that detects any weird movement.

The main advantage of a passive monitoring systems is that the units can be deployed randomly minimizing the device attacks. Passive monitoring IDS cannot block suspicious signals on their own; an operator has to be available to block any potential threat. For Inline transmission, the IDS does not transmit signals to the owner rather it auto responds to the malicious activity by reconstructing the connection to block communication from the suspicious source. The system is configured to automatically alter supicious signals without any operation by the owner.

Inline transmission IDS can block denial of service attack by flooding a system which ends up reducing frequency transmission bandwidth. The disadvantage of the inline transmission is that it has to be placed in line along a network path making it susceptible to damage. The other Inline transmission shortcoming is that the device cannot analyze if a breach was a false or legitimate. Authorized users may be denied access to a premise if the alarm has not been keenly identified. Question three Thresholds are used with IDS alerts because they add an extra advantage to the IDS in detecting any intrusion by identifying an attack in a short duration.

The early detection can help the administrator to take a quick action in controlling the next breach.Question four Most IDS deployments do not work as expected because they utilize pattern matching to detect intrusion. If an attacker changes the pattern evasion, it may be possible to avoid detection.Question five Number of simultaneous connections should be considered before implementing IDS. The system sensors are usually limited to the number of connections for which they can detect. Maintenance cost should also be determined because the units require staff training, software licensing as well as customization cost.

The mode of transmission should also be considered before deploying and IDS. Administrators should use the active IDS rather than Passive IDS.Question six Difference between IDS and IPS is: IDS are placed at a strategic point in order to clearly monitor signal flow to and from the devices on the network path. Second IDS system administrators have to scan for incoming and outgoing traffic, as the device cannot operate on its own. IDS operate concurrently with its agents or programs. The program or Agent writes the data then analyses the result.

IPS systems on the other hand operate on their own. They provide real time ideal action without the operator’s hand.ConclusionIPS should be more widely used because they require less labor to operate. Works cited Kargl, Maier & Weber. “Protecting Web Server from DDOS Attack” In Proceeding of WWW10 Conference, ACM, Hong Kong, 2001.