Saturday, March 14, 2009

What Are Intrusion Detection Systems?

With computer hackers and identity thieves becoming more computer literate, the security that keeps them out of your computer has to stay at least one step ahead. One type of computer safety tool detects an attack or system intrusion before it has the chance to harm your computer. It is called an IDS, or Intrusion Detection System, and is another form of application layer firewall. Intrusion detection systems are programmed to detect attempted attacks or intrusions by computer hackers trying to get into your system, and they do this by detecting inappropriate, incorrect, or anomalous activity.

There does seem to be some question of how well this kind of system works now that many personal computer users are moving to wireless online connections. Some will argue that the adoption of intrusion prevention technologies has created a unique challenge for security professionals. To make this type of system effective, monitoring these devices requires extensive security expertise and time. If devices are incorrectly tuned and not regularly updated, malicious traffic and intrusions may be permitted. To prevent downtime, security professionals must also continually check on these devices to keep the system running smoothly.

There are three different types of intrusion detection systems.

A Host-Based Intrusion Detection System consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, and host activities.

A Network Intrusion Detection System is an independent platform that identifies intrusions by examining network traffic, and it monitors multiple hosts. These systems gain access to network traffic by connecting to a hub, a network switch configured for port mirroring, or a network tap.

Hybrid Intrusion Detection Systems combine both approaches: the host agent data is combined with network information to form a complete view of the network.

A Signature-Based Intrusion Detection System identifies intrusions by watching for patterns of traffic or application data presumed to be malicious. These types of systems are presumed to be able to detect only 'known' attacks. However, depending on their rule set, signature-based IDSs can sometimes detect new attacks which share characteristics with old attacks, e.g., accessing 'cmd.exe' via an HTTP GET request.
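The following is an added example, not code from the original post or from any product named here. It sketches how a signature for 'cmd.exe' in an HTTP GET request can still fire on variants of the same request (different case, percent-encoding) once the request target is normalized before matching. The rule id SIG-0001, the function names, and the sample request lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Hypothetical rule set: (rule id, description, compiled pattern).
SIGNATURES = [
    ("SIG-0001", "cmd.exe requested over HTTP GET",
     re.compile(r"cmd\.exe", re.IGNORECASE)),
]

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")


def normalize(target, max_rounds=3):
    """Percent-decode until stable (bounded), so encoded and
    double-encoded variants are compared in one canonical form."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def match_request(line):
    """Return the ids of the signatures that fire on one HTTP request line."""
    m = REQUEST_LINE.match(line.strip())
    if not m or m.group("method") != "GET":
        return []  # these rules only cover well-formed GET requests
    target = normalize(m.group("target"))
    return [sid for sid, _desc, pattern in SIGNATURES if pattern.search(target)]


def scan(lines):
    """Return (line, rule ids) for every line that triggers a signature."""
    return [(line, hits) for line in lines if (hits := match_request(line))]


# Constructed sample request lines (not taken from real traffic).
SAMPLE = [
    "GET /index.html HTTP/1.1",
    "GET /scripts/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/CMD%2eEXE HTTP/1.1",
    "GET /scripts/cmd%252eexe HTTP/1.1",
    "GET /docs/cmd-exe-notes.html HTTP/1.1",
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE):
        print(f"ALERT {','.join(hits)}: {line}")
```

A request that never contains the pattern after decoding raises no alert, which is the 'known attacks only' limitation described above.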

An Anomaly-Based Intrusion Detection System identifies intrusions by notifying operators of traffic or application content presumed to be different from 'normal' activity on the network or host. Anomaly-based IDSs typically achieve this with self-learning.

Features and Benefits

The Managed Intrusion Prevention Service includes:

Configure and provision device

Create initial policy; update and tune policy on an ongoing basis

Monitor and report on health and security events 24x7

Industry leading Service Level Agreement

Report all security events on the Client Resource Portal

Flexible reporting options on Client Resource Portal

Notify customers of major security and health issues

Upgrade and patch devices

Seamless integration with VeriSign's Incident Response and Computer Forensics team

Whether used for detection or prevention, Intrusion SecureNet technology is peerless in accurately detecting attacks and proactively reporting indicators of future information loss or service interruption. Using pattern matching for performance and protocol decoding to detect intentional evasion and polymorphic or patternless attacks, as well as protocol and network anomalies before a new attack has a signature created, the SecureNet System is ideal for protecting critical networks and valuable information assets.
