CHAPTER 3
INTRUSION DETECTION SYSTEM (IDS)
An IDS can be configured to block the intruder IP when an alert is generated in response to the activity of the same IP.
The TCP/IP packets are examined in a number of ways after they are confined.
An IDS monitors all inbound and outbound host activity and identifies suspicious patterns on the network that indicate an attack.
An IDS gathers and analyzes information regarding the misuse of a particular computer or the total network.
IDS CONCEPT : ARCHITECTURE
HOST TARGET SEPARATION:
Separating the IDS host machine from the target system will improve the security of the IDS.
HOST TARGET CO-LOCATION
An IDS usually protects the systems that are running under its control.
THE TWO PRIMARY ARCHITECTURAL COMPONENTS OF IDS
Host target separation
Host target co-location
Array of reports to facilitate quick access to the data required
Cross-platform product installation
Web-based administration console for universal secure-access to data views and configuration
Flexible modes of operation
FOUR STAGES IN WORKING:
Patch download and development
Patch assessment or scanning
System addition and discovery
Windows and Linux (Red Hat and Debian) operating systems