06-07-2012, 12:28 PM
INTRUSION DETECTION SYSTEM
[attachment=26958]
IDS INTRODUCTION
Any unauthorized or unwanted activity on the system or network is called intrusion and the Intrusion Detection system tries to detect and alert on attempted intrusion into a system or network.
LIMITATION OF IDS
IDS is unable to catch the event of tear drop attack. A tear drop attack is occur when a attacker sends fragments of data that a system is unable to reassemble. Such an attack may lead to freezing of the system.
*A sniffer based intrusion detection is not at all capable or reliably detecting attacks.
*Not all IDS are compatible with all firewall and routers.
*A direct attack on IDS finishes its ability of detect intrusion
BENEFITS OF IDS
*It can detect the attempted or unauthorized access.
*It can detect the password cracking, Protocol attacks and denial of service attacks.
*It supports the defense in depth security principle.
*They can catch illegal data manipulation.
*They can detect most of security threats and in some cases the are more reliable then firewalls.
*They can detect and stop unauthorized access.
*They can detect and malicious code like viruses, warms, Trojan horses etc.
*The can also detect buffer overflows and impersonations attempts.
NETWORK- BASED IDS
Network based systems examine the individual packets flowing through a network. They are able to understand all the different flags and option that exit within a network packed unlike firewalls, which typically looks at the IP addresses, ports and ICMP types. A NIDS can therefore detect maliciously crafted packets that are designed to be overlooked by a firewall’s relatively simplistic filtering rules. NIDS are also able to look at the “payload” within a packet, i.e. see which particular Web server program is being accessed and with what options and to raise alerts when an attackers tries to exploit a bug in such a code.
IDS COUNTER MEASURES
The main function of an Intrusion Detection System are logging and alerting, along with these two activities the IDS has two other active countermeasures, These are :
[attachment=26958]
IDS INTRODUCTION
Any unauthorized or unwanted activity on the system or network is called intrusion and the Intrusion Detection system tries to detect and alert on attempted intrusion into a system or network.
LIMITATION OF IDS
IDS is unable to catch the event of tear drop attack. A tear drop attack is occur when a attacker sends fragments of data that a system is unable to reassemble. Such an attack may lead to freezing of the system.
*A sniffer based intrusion detection is not at all capable or reliably detecting attacks.
*Not all IDS are compatible with all firewall and routers.
*A direct attack on IDS finishes its ability of detect intrusion
BENEFITS OF IDS
*It can detect the attempted or unauthorized access.
*It can detect the password cracking, Protocol attacks and denial of service attacks.
*It supports the defense in depth security principle.
*They can catch illegal data manipulation.
*They can detect most of security threats and in some cases the are more reliable then firewalls.
*They can detect and stop unauthorized access.
*They can detect and malicious code like viruses, warms, Trojan horses etc.
*The can also detect buffer overflows and impersonations attempts.
NETWORK- BASED IDS
Network based systems examine the individual packets flowing through a network. They are able to understand all the different flags and option that exit within a network packed unlike firewalls, which typically looks at the IP addresses, ports and ICMP types. A NIDS can therefore detect maliciously crafted packets that are designed to be overlooked by a firewall’s relatively simplistic filtering rules. NIDS are also able to look at the “payload” within a packet, i.e. see which particular Web server program is being accessed and with what options and to raise alerts when an attackers tries to exploit a bug in such a code.
IDS COUNTER MEASURES
The main function of an Intrusion Detection System are logging and alerting, along with these two activities the IDS has two other active countermeasures, These are :