What are Intrusion Detection Systems?

An Intrusion Detection System (IDS) is a crucial component of any company's security plan. What are intrusion detection systems? CERIAS, the Center for Information Assurance and Security Education and Research, defines them as follows:

"The goal of an intrusion detection system (or IDS) is to detect unauthorized computer system access or usage. Intrusion detection systems are somewhat like computer burglar alarms. They sound alarms and sometimes even remedy when an intruder or abuser is discovered. Many various intrusion detection systems were developed but generally the detection systems fall into one of two categories: anomaly detection or misuse detection. Anomaly detectors search for activity which is different from usual system use. Misuse detectors are looking for behavior that corresponds to a recognized scenario of attack. Much time and effort has been spent on intrusion detection and this list contains links to several sites which detail some of these efforts." (http://www.cerias.purdue.edu/survey/history/coast resources/intrusion())

One subcategory of intrusion detection systems is the network intrusion detection system (NIDS). These systems monitor packets on the network wire and look for unusual activity. A network intrusion detection system can monitor several computers on a network at a time, whereas other intrusion detection systems can only monitor one computer.
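
The two categories named in the CERIAS quotation above, misuse detection and anomaly detection, run side by side over the same events. This is an added example, not code from the original article or from any tool listed on this page; the signatures, field names and sample events are constructed for illustration.

```python
import re
from statistics import mean, pstdev

# Misuse detection: hypothetical signatures for recognized attack scenarios.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "passwd-read": re.compile(r"/etc/(passwd|shadow)"),
}

def misuse_alerts(events):
    """Return (event index, signature name) for each match against a known pattern."""
    return [(i, name) for i, e in enumerate(events)
            for name, rx in SIGNATURES.items() if rx.search(e["request"])]

def build_profile(history):
    """Anomaly detection, step 1: learn each user's usual response size."""
    sizes = {}
    for e in history:
        sizes.setdefault(e["user"], []).append(e["bytes"])
    return {user: (mean(v), pstdev(v)) for user, v in sizes.items()}

def anomaly_alerts(events, profile, threshold=3.0):
    """Anomaly detection, step 2: flag events far from the learned baseline."""
    alerts = []
    for i, e in enumerate(events):
        if e["user"] not in profile:          # no baseline at all: unusual by definition
            alerts.append(i)
            continue
        mu, sigma = profile[e["user"]]
        if abs(e["bytes"] - mu) > threshold * max(sigma, 1.0):
            alerts.append(i)
    return alerts

# Constructed sample data: past "normal" activity and three new events.
HISTORY = [{"user": "alice", "request": "/reports/q1.pdf", "bytes": b}
           for b in (900, 1100, 1000, 950, 1050)]
EVENTS = [
    {"user": "alice", "request": "/reports/q2.pdf", "bytes": 1020},          # normal
    {"user": "alice", "request": "/files/../../etc/passwd", "bytes": 980},   # known pattern, usual size
    {"user": "alice", "request": "/reports/archive.zip", "bytes": 250000},   # no signature, unusual volume
]

if __name__ == "__main__":
    print("misuse :", misuse_alerts(EVENTS))
    print("anomaly:", anomaly_alerts(EVENTS, build_profile(HISTORY)))
```

Each detector flags an event the other misses: the signature match has an ordinary size, and the oversized transfer matches no signature.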

Who's going to break into your system?

One prevalent myth about computer hackers is that it is usually people outside your network who break into your systems and wreak havoc. The fact, especially for corporate workers, is that the bulk of security violations are caused by insiders. Insiders typically impersonate someone with additional privileges in order to obtain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to have physical access to a system. Despite the best efforts, it is often impossible to stop someone once they have physical access to a system. Further, if someone already has a low-privilege account on a system, another means of breaking in is to use tricks of the trade to gain higher access through weaknesses in your system. Finally, even when working remotely, there are various ways to acquire access to systems. Remote intrusion techniques have become increasingly difficult to combat.


How do you stop intrusions?

There are numerous freeware/shareware intrusion detection systems as well as commercial intrusion detection systems.

Open Source Intrusion Detection Systems

Below are some of the open source intrusion detection systems:

AIDE (http://field.net/projects/assistant) – Self-described as "AIDE is a free substitute for Tripwire (Advanced Intrusion Detection Environment). It does the same as the semi-free Tripwire and more. Other free substitutions are available, so why construct a new one? All alternative substitutes do not reach the Tripwire level. And I needed a program that would overcome Tripwire's restrictions."

File System Saint (http://sourceforge.net/projects/fss) – Self-described as "File System Saint is a lightweight, high speed, ease of use host-based intrusion detection system."


Snort (www.snort.org) – Self-described as "Snort® is a rules-led intrusion and detection solution that combines the advantages of signature, protocol and anomaly-based inspection methods. With millions of downloads to date, Snort is the world's most commonly used intrusion detection and prevention system and has become a de facto industry standard."

Commercial Intrusion Detection Systems

If you are looking for commercial intrusion detection systems, here are some of them:

Tripwire http://www.tripwire.com

Touch Technology Inc. (POLYCENTER Security Intrusion Detector)

Real Secure Server Sensor (Internet Security Systems) http://www.iss.net


SecureIIS Web Server Protection (eEye Digital Security) http://www.eeye.com
