Network Intrusion Detection System

Introduction

An intrusion detection system is one of the most important elements of the information security system of any modern enterprise network. In recent years, the growth of problems associated with computer security has led intrusion detection systems to quickly become a key component of any network security. Over the past few years, their popularity has increased significantly, as vendors of protection products have significantly improved the quality and compatibility of their programs.

An intrusion detection system is a set of hardware and software components united by one common feature: it analyzes the resources entrusted to it and, when suspicious or unusual events occur, is able to take independent action to detect, identify and eliminate their causes. However, intrusion detection systems are only one of the instruments of security and should not be considered a substitute for any of the other protective mechanisms. Data protection is most effective when supported by multilevel intranet security, which consists of the following components:

Intranet security policy of the organization;

Protection of hosts on the network;

Network audit;

Router-based protection;

Firewalls;

Intrusion detection systems;

Response plan for detected attacks.

As a result, to fully protect the integrity of the network, it is necessary to implement all of these security components. The use of a layered defense is the most effective method of preventing unauthorized use of computer systems and network services. Thus, the intrusion detection system is one of the components of network security in a tiered strategy for its protection.

Until recently, the main mechanism for the protection of corporate networks has been firewalls. However, firewalls are designed to protect the organization's information resources. This is because system administrators create so many simplifications in access that the stone-wall protection system ends up full of holes like a sieve. Protection with a firewall (ITU) may not be appropriate for corporate networks with intense traffic, as the use of many ITUs significantly affects network performance. In some cases, it is better to "leave the door wide open" and place the main emphasis on methods of network intrusion detection and response (Newman 2009, 90).

For continuous monitoring of the corporate network, there is an active means of protection: intrusion detection systems. These systems detect attacks on the hosts of the corporate network and respond to the administrator in a secure way. For example, an IDS may interrupt the connection to the attacking node, notify the administrator, or record information about the attack in logs. There are three types of IDS, which are discussed below:

Host-based IDS.

Network-based IDS.

Hybrid IDS.

Host-based IDS

Host-based systems are the oldest type of intrusion detection system. They were originally developed by the military to guarantee the security of mainframes. A HIDS must be installed on each system to be monitored. The term "host", however, must not be misunderstood. In this context, since each host system is meant as a system on which an IDS is installed, the term "host" is not used only as a synonym for a ...