What’s Intrusion Detection?




Intrusion detection detects unauthorized attempts to access a computer network or system. It uses intrusion detection systems (IDS) and has three types: network-based, host-based, and physical. IDS records events and does not prevent intrusions, but some physical methods can prevent entry. Intrusion prevention systems (IPS) take action when suspicious activity occurs and provide a more comprehensive security system. Policies are configured by system administrators or information security employees.

Intrusion detection is concerned with detecting unauthorized attempts to access a computer network or physical computer system. Its purpose is to detect any threats that could allow access to unauthorized information, adversely affect data integrity, or cause a loss of access within a network. It is usually implemented through an intrusion detection system (IDS), which detects and logs various information about others connecting to the network or accessing a physical host. These systems can range from software solutions that simply record traffic information to physical systems involving security guards, cameras and motion sensors.

There are three main types of intrusion detection: network-based, host-based, and physical methods. Network-based methods try to flag suspicious network traffic and typically use programs that log traffic and packets as they pass through a network. Host-based methods search for possible intrusions on a physical computer system and check file integrity, identify rootkits, monitor local security policies, and analyze logs. Physical methods also address the identification of security issues on physical devices and use physical controls, such as people, security cameras, firewalls, and motion sensors. In many businesses with sensitive data and critical systems, a combination of these methods is desirable for the greatest possible security.

Intrusion detection systems usually do not prevent intrusions from occurring; instead, they simply record events as they occur so that others can gather and analyze the information. While this is especially true for network and host-based intrusion detection methods, it may not be true for some physical methods, such as firewalls and security personnel. Firewalls often offer the ability to block suspicious traffic and can determine what is allowed and what is not allowed. Security personnel can also prevent people from physically entering a business or data center, and monitored traps and access control systems are other physical methods that can prevent someone from entering.

The limitations of intrusion detection systems mean that many organizations also use an intrusion prevention system (IPS) to take action when suspicious activity occurs. Many of these systems include the functions of an intrusion detection system and provide a more comprehensive security system that is useful when responding to security breaches is critical. When the IPS detects suspicious traffic or policy violations, it takes the action configured in its policy. Information security employees or system administrators typically configure the policies that the IPS uses to respond to each event.
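The difference between recording an event and acting on it can be shown with a small sketch. This is an added example, not code from the original page; the rule name, threshold, policy layout and sample events are all assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample events (not real traffic): (source address, event type)
EVENTS = [
    ("198.51.100.7", "login_failed"),
    ("198.51.100.7", "login_failed"),
    ("203.0.113.5", "login_ok"),
    ("198.51.100.7", "login_failed"),
    ("198.51.100.7", "login_ok"),
    ("203.0.113.5", "login_failed"),
]

# Hypothetical policy, as an administrator might configure it:
# rule name -> threshold and the action an IPS takes when the rule fires.
POLICY = {"repeated_login_failure": {"threshold": 3, "action": "block"}}


def process(events, policy, prevent):
    """Run events through the rule.

    prevent=False models an IDS: matches are only logged.
    prevent=True models an IPS: the policy's action is also enforced.
    Returns (alerts, delivered_events).
    """
    rule = policy["repeated_login_failure"]
    failures = Counter()
    blocked = set()
    alerts, delivered = [], []
    for src, kind in events:
        if src in blocked:
            continue  # IPS already blocked this source: event is dropped
        delivered.append((src, kind))
        if kind == "login_failed":
            failures[src] += 1
            if failures[src] == rule["threshold"]:
                alerts.append((src, "repeated_login_failure"))
                if prevent and rule["action"] == "block":
                    blocked.add(src)
    return alerts, delivered


if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IPS", True)):
        alerts, delivered = process(EVENTS, POLICY, prevent)
        print(mode, "alerts:", alerts, "delivered:", len(delivered))
```

Both modes raise the same alert; only the IPS mode stops the later event from the flagged source from reaching the host.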



