Essay about Intrusion Detection Systems
August 12, 2006
As technology has advanced, information systems have become an integral part of everyday life. In fact, there are not too many public or private actions that can take place in today’s society that do not include some type of information system at some level or another. While information systems make our lives easier in most respects, persons with malicious intent have increasingly capitalized upon our dependency on them. Therefore, security within the information systems realm has introduced a number of new devices and software to help combat the unfortunate results of unauthorized network access, identity theft, and the like – one of which …
The purpose of this paper is to delve a little deeper into intrusion detection systems and briefly describe the three different device types of IDS that are currently available – host-based, network-based, and application-based. The following sections will give insight into how each of these IDS works, along with its advantages and disadvantages.
Host-based IDS, or HIDS, are just what the name implies – IDS that reside on a host system. This system can be a server, a workstation, or even a decoy (honeypot) configured to lure intruders in so that they can be safely monitored to study their intrusion techniques or intent. HIDS are generally platform-specific and therefore often software-based, with both Microsoft Windows and UNIX-compatible versions. HIDS work by examining log files, hardware usage, critical data files or data stores, and even the actions of processes running on the system. HIDS then compare this data to a specified system state, either determined by the security administrator or defined by a strict security policy established from extensive baselining. Whenever the system encounters activity, either internal or external, that varies from the baseline or security policy by a certain percentage, that activity is determined to be an attack (Ciampa, 2005, p. 163).
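The baseline comparison described above can be sketched in a few lines; this is an added example, not part of the original essay or of any HIDS product. It checks critical files against a baseline of SHA-256 digests and flags host metrics that deviate from their baseline by more than a set percentage. The file names, metric names, sample values and the 50 percent threshold are constructed assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Map each monitored file to its SHA-256 digest (None if the file is missing)."""
    state = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                state[path] = hashlib.sha256(fh.read()).hexdigest()
        except FileNotFoundError:
            state[path] = None
    return state

def changed_files(baseline, current):
    """Files modified, deleted or added since the baseline snapshot."""
    return sorted(p for p in baseline.keys() | current.keys()
                  if baseline.get(p) != current.get(p))

def metric_alerts(baseline, observed, threshold_pct):
    """Metrics whose observed value differs from baseline by more than threshold_pct."""
    alerts = {}
    for name, base in baseline.items():
        value = observed.get(name, 0)
        if base == 0:
            pct = float("inf") if value else 0.0  # any activity where none is expected
        else:
            pct = abs(value - base) / base * 100
        if pct > threshold_pct:
            alerts[name] = round(pct, 1)
    return alerts

def demo():
    """Run both checks on constructed sample data; returns (changed, alerts)."""
    with tempfile.TemporaryDirectory() as d:
        files = [os.path.join(d, n) for n in ("passwd", "hosts")]
        for f in files:
            with open(f, "w") as fh:
                fh.write("original contents\n")
        baseline = snapshot(files)
        with open(files[0], "a") as fh:  # simulate an unexpected change to one file
            fh.write("unexpected line\n")
        changed = [os.path.basename(p) for p in changed_files(baseline, snapshot(files))]
    base_metrics = {"failed_logins_per_hour": 4, "cpu_percent": 20, "outbound_conns": 50}
    seen_metrics = {"failed_logins_per_hour": 31, "cpu_percent": 22, "outbound_conns": 50}
    return changed, metric_alerts(base_metrics, seen_metrics, threshold_pct=50)

if __name__ == "__main__":
    print(demo())
```

The threshold controls the trade-off the paragraph implies: set too low, normal variation in host activity raises alerts; set too high, a real deviation stays under it.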
HIDS are most beneficial in providing detection capabilities for the internal environment of an organization. Unauthorized accesses by employees, trespassers, etc. are almost