Stopping Intruders with Intrusion Prevention Systems

Types of IDS
A variety of intrusion detection systems are available to help administrators. Most administrators prefer to combine several types for effective intrusion detection and prevention.
  • Host based: analyzes a single system and determines which users and processes are malicious. This kind of package is also available for multi-host monitoring, where a centralized console is provided for better management and consolidation of data. The console is a disadvantage because it consumes network bandwidth. Its effectiveness in a DoS environment is also questionable, since reporting can be foiled when the network is down, and some malicious code can disable the host-based IDS. The advantage of such a system is that in some cases it is more effective than a network-based IDS. Encryption techniques can be used on the host to examine even encrypted traffic.
  • Network based: needs less bandwidth, as it is concentrated at one node of the network or at a few nodes. It makes it easy to secure networks against attacks and is undetectable by the attacker. It does have a few problems: it cannot handle high-speed networks and does not detect encrypted traffic. It also requires some active participation from the network administrator and may fail during peak traffic periods.
  • Application based (database management, content management, accounting systems, etc.): depends on events occurring within the specified application. It works with application-based encryption and decryption services and can even track unauthorized activity of individual users. Application-based intrusion detection systems are themselves vulnerable to attack and can be compromised.
What is intrusion prevention?
The approach to intrusion detection determines how an intrusion is prevented. Event analysis depends on signature detection, which is in many ways similar to the way antivirus software checks for and prevents computer viruses. A definition file of known malicious attack signatures or malicious traffic patterns is kept in a database, and any traffic that resembles one of the signatures is blocked. Most commercial intrusion prevention systems adopt this method.

Heuristic protection is based on normal patterns of behavior: any abnormal activity is enough to be reported and blocked. Most intrusion detection systems have some form of anomaly detection.
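
As an added illustration (not code from the original article or from any product listed on this page), the sketch below applies both approaches to constructed request records: a small definition table of signatures, and a baseline of normal request rates. The signature patterns, the rate threshold and all sample data are assumptions made for the example.

```python
import re
import statistics
from collections import Counter

# Constructed "definition file": signature name -> pattern of known-bad traffic.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"(?i)'\s*or\s*'?1'?\s*=\s*'?1"),
}

def match_signatures(request):
    """Signature detection: return names of every signature the request resembles."""
    return [name for name, pat in SIGNATURES.items() if pat.search(request)]

def build_baseline(history):
    """Learn normal behaviour: mean and standard deviation of requests per minute."""
    return statistics.mean(history), statistics.pstdev(history)

def is_anomalous(count, baseline, k=3.0):
    """Heuristic detection: flag a rate more than k deviations above the mean."""
    mean, dev = baseline
    return count > mean + k * max(dev, 1.0)  # floor of 1.0 avoids a zero-width band

def inspect(events, baseline):
    """Return (verdict, source, reason) for each event; verdict is 'block' or 'allow'."""
    per_source = Counter()
    verdicts = []
    for minute, source, request in events:
        per_source[(minute, source)] += 1
        hits = match_signatures(request)
        if hits:
            verdicts.append(("block", source, "signature:" + ",".join(hits)))
        elif is_anomalous(per_source[(minute, source)], baseline):
            verdicts.append(("block", source, "anomaly:rate"))
        else:
            verdicts.append(("allow", source, ""))
    return verdicts

# Constructed sample data (documentation address ranges, invented requests).
HISTORY = [4, 5, 6, 5, 4, 6, 5, 5]  # requests/minute from one client in normal use
EVENTS = [
    (0, "192.0.2.10", "GET /index.html"),
    (0, "192.0.2.20", "GET /download?file=../../etc/passwd"),
    (0, "192.0.2.30", "GET /login?user=a' OR '1'='1"),
] + [(1, "198.51.100.7", "GET /index.html")] * 12

if __name__ == "__main__":
    for verdict in inspect(EVENTS, build_baseline(HISTORY)):
        print(verdict)
```

The signature check only catches what is already in the definition table, while the rate check blocks the burst from 198.51.100.7 even though each individual request matches no signature.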
Can intruders be traced?
Hackers are a clever lot: they do not use their own systems to obtain information. They compromise a computer and launch the attack by a different route. The data gleaned from a computer is placed on the internet, where it is accessible to all. In most cases the attacker's IP address can be traced as far as the internet service provider.

The internet service provider keeps logs that record the time and logon details of those who were using its IP services at any time of the day or night. These logs are not given to anyone except a law enforcement agency, and only if criminal activity is known to have been carried out from an IP address.

Even if the IP address is traced, all you may end up with is a zombie machine and a person who does not know that his PC was used in an internet attack. The log files of this PC and the malware on it may shed more light on the means and methods used in the attack and may be used to track down the hacker.
IDS products in the market
Many IDS products are available in the market. Some come bundled with network devices such as routers and gateways. The companies that produce these devices or separate intrusion detection systems are:
  • Check Point Software Technologies
  • Cisco Systems
  • Hewlett-Packard
  • Lucent Technologies
  • En Garde Systems
  • Intrusion.com
  • Los Altos Technologies
  • NetIQ
  • Network Flight Recorder
  • NetworkICE
  • Networking Dynamics
  • New Technologies
  • Patriot Technologies
  • PGP
  • Q1Labs
  • SilentRunner
  • Snort
  • StillSecure
  • Strohl Systems
  • Sydex
  • Tripwire Security Systems
  • Vanguard Integrity Professionals
  • WebTrends
  • WetStone Technologies
There are many ways to protect your system. Some are commercial products that require updates; others are open source intrusion detection tools. Intrusion prevention can then be carried out based on their reports.

©Copyright 2011 securingmynetwork.com. All rights reserved.