Network Administration & Support

Intrusion Detection


An Intrusion Detection System (IDS) analyzes a system for potential attacks and malware based on predefined patterns, and alerts network administrators when it detects an event. Where a firewall passes or denies traffic based on rules, an IDS judges whether there is a potential risk based on activity patterns such as login time, commands used, and targeted ports, so an IDS can detect risks that a firewall cannot block. However, because false positives (alerts raised when there is no attack) are possible, an IDS typically alerts the network administrator instead of shutting down the system, and the administrator investigates and takes appropriate action.
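
The pattern-based judgement described above, as an added example that is not part of the original page: a minimal Python sketch that checks constructed events against login time, commands used and targeted ports, and only raises alerts. The event fields, thresholds and watched command string are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs). Field names are assumptions.
EVENTS = [
    {"src": "10.0.0.5", "type": "login", "user": "alice", "hour": 10},
    {"src": "10.0.0.7", "type": "login", "user": "bob", "hour": 3},
    {"src": "10.0.0.7", "type": "command", "user": "bob", "cmd": "cat /etc/shadow"},
    {"src": "10.0.0.5", "type": "command", "user": "alice", "cmd": "ls -l"},
] + [
    # One source touching many different ports in a row
    {"src": "10.0.0.9", "type": "connect", "port": p} for p in range(20, 32)
] + [
    {"src": "10.0.0.5", "type": "connect", "port": 443},
]

# Predefined patterns (assumed values for this example)
WORK_HOURS = range(7, 20)          # logins outside 07:00-19:59 are flagged
WATCHED_COMMANDS = ("/etc/shadow",)  # substrings that mark a command as notable
PORT_SCAN_THRESHOLD = 10           # distinct ports from one source


def detect(events):
    """Return a list of alerts; nothing is blocked or shut down."""
    alerts = []
    ports_by_src = defaultdict(set)
    scan_reported = set()
    for ev in events:
        if ev["type"] == "login" and ev["hour"] not in WORK_HOURS:
            # May be a false positive (e.g. planned night maintenance),
            # which is why the result is an alert for a human to review.
            alerts.append(("off_hours_login", ev["src"], ev["user"]))
        elif ev["type"] == "command" and any(w in ev["cmd"] for w in WATCHED_COMMANDS):
            alerts.append(("watched_command", ev["src"], ev["cmd"]))
        elif ev["type"] == "connect":
            seen = ports_by_src[ev["src"]]
            seen.add(ev["port"])
            # Alert once per source when the distinct-port count hits the threshold
            if len(seen) >= PORT_SCAN_THRESHOLD and ev["src"] not in scan_reported:
                scan_reported.add(ev["src"])
                alerts.append(("many_ports_targeted", ev["src"], len(seen)))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT", alert)
```

Each connection to a single port would pass a firewall rule that allows it; only the accumulated pattern per source produces the alert.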

A Network Intrusion Detection System (NIDS) is a type of IDS that monitors network traffic. An example of NIDS software is Snort. A Host Intrusion Detection System (HIDS) is a type of IDS that monitors the server on which it is running. An example of HIDS software is Tripwire.
