Vistas for Network Security
Can You Find Out who is Intruding Your PC?

Network intrusion detection systems are at a nascent stage of development. The constant growth of malware, new vulnerabilities and DoS attacks has made network intrusion detection and intrusion prevention systems necessary. Antivirus and other vulnerability detection scanner vendors add updates to their software only after a few systems have been compromised and a few security-conscious individuals have found these breaches. Intrusion prevention is effective against known methods of attack. Firewalls and boundary devices are not able to identify attack signatures in the information they receive, hence the need for an IDS. Newer boundary devices are now being produced with an IDS included. Intrusion detection systems are more like antivirus
What is an intrusion detection system?
An intrusion detection system is a system that contains tools to read and interpret traffic and to tell traffic from a good source apart from traffic from a malicious source. For example, intrusion detection using Snort with WinPcap became popular on Windows NT systems. If the system identifies an attacker trying to gain access to some service or part of your system, has the means to stop the intruder and does so, then it becomes an intrusion prevention system as well. Intrusion detection and prevention systems thus block unauthorized use of a network or of a system on the network. They are designed to detect and prevent any compromise of network security. These intrusions usually start with a port scan. If your ports are open and not secured, you are in big trouble and may be a target for Trojans and malware. Most firewalls are now built with a port scan intrusion detection system.
How does the intrusion detection system work?
Intrusion detection software is able to read and interpret the log files of routers, firewalls, servers, and other devices on the network. It then compares any suspicious activity with a database of attack signatures and of activity patterns of malware and general traffic.

Once an activity pattern comes close to an attack signature, the IDS starts an automatic set of actions such as:
  • Issuing alarms and alerts
  • Shutting down internet links
  • Shutting down the server in case of a DoS or DDoS
  • Launching back traces to find the IP addresses of the attacker
  • Collecting evidence of the attack pattern, as a more advanced mode
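
The log-reading and alerting steps described above can be sketched for the port scan case. This is an added example, not code from the original article or from any IDS product: the log format, the thresholds and the function names are assumptions, the log lines are constructed, and entries are assumed to arrive in time order.

```python
import re
from collections import defaultdict

# Constructed firewall log lines (assumed format: epoch src dst dport action)
SAMPLE_LOG = """\
1000 203.0.113.7 192.0.2.10 21 DENY
1001 203.0.113.7 192.0.2.10 22 DENY
1001 198.51.100.4 192.0.2.10 443 ALLOW
1002 203.0.113.7 192.0.2.10 23 DENY
1003 203.0.113.7 192.0.2.10 25 DENY
1004 203.0.113.7 192.0.2.10 80 ALLOW
1090 198.51.100.4 192.0.2.10 443 ALLOW
garbled line that must not crash the parser
1200 198.51.100.4 192.0.2.10 22 DENY
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\d+) (ALLOW|DENY)$")

def parse(log_text):
    """Yield (ts, src, dst, dport, action); skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dport, action = m.groups()
            yield int(ts), src, dst, int(dport), action

def detect_port_scans(events, min_ports=5, window=10):
    """Alert once per (src, dst) pair that touches at least min_ports
    distinct ports within window seconds (hypothetical thresholds)."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, dport), ...] inside window
    alerted = set()
    alerts = []
    for ts, src, dst, dport, _action in events:
        key = (src, dst)
        # Drop entries that have aged out of the sliding window
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        recent[key].append((ts, dport))
        ports = sorted({p for _, p in recent[key]})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst,
                           "first_seen": recent[key][0][0], "ports": ports})
    return alerts

if __name__ == "__main__":
    for alert in detect_port_scans(parse(SAMPLE_LOG)):
        print("ALERT port scan:", alert)
```

Only the alerting action from the list is implemented here; the occasional connections from 198.51.100.4 stay below the threshold and raise nothing.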
Continue to: IDS and intrusion prevention