Vistas for Network Security
Stopping Intruders with Intrusion Prevention systems

Types of IDS
There are a variety of intrusion detection systems available to administrators. Most administrators prefer to combine several types for effective intrusion detection and prevention.
  • Host based: analyzes a single system and identifies malicious users and processes. Multi-host versions are also available, with a centralized console for easier management and consolidation of data. The drawback is that reporting to the console consumes network bandwidth, and the system's effectiveness during a DoS attack is questionable, since reporting can be foiled when the network is down. Some malicious code can also disable the host based IDS. The advantage is that in some cases it is more effective than a network based IDS: because it runs on the host, where decryption takes place, it can examine even traffic that is encrypted on the network.
  • Network based: needs less bandwidth, as it is concentrated at a single node or a few nodes of the network. It makes it easy to secure networks against attacks and is undetectable by the attacker. It does have a few problems: it may be unable to keep up with high speed networks, it cannot inspect encrypted traffic, it requires some active participation from the network administrator, and it may fail during peak traffic periods.
  • Application based (database management, content management, accounting systems, etc.): depends on events occurring within the specified application. It works with the application's own encryption and decryption services and can even track the unauthorized activity of individual users. Application based intrusion detection systems are themselves vulnerable to attack and can be compromised.
What is intrusion prevention?
The approach to intrusion detection determines how an intrusion is prevented. Event analysis commonly depends on signature detection, which is in many ways similar to the antivirus method of checking for and preventing computer viruses. A definition file of known attack signatures or malicious traffic patterns is kept in a database, and any traffic that resembles one of these signatures is blocked. Most commercial intrusion prevention systems adopt this method.

Heuristic protection is based on normal patterns of behavior; any abnormal activity is enough to be reported and blocked. Most intrusion detection systems include some sort of anomaly detection.
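The two analysis styles just described (signature matching against a definition file, and heuristic detection of deviations from a normal baseline) side by side in a toy detector. This is an added example, not code from the original article or from any IDS product; the signatures, the web-server log lines and the baseline request counts are all constructed for it.

```python
"""Toy IDS: signature matching against a definition list of known attack
patterns, plus anomaly (heuristic) detection against a baseline of normal
behaviour. Signatures, log lines and baseline figures are constructed."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Constructed "definition file": signature name -> pattern over a decoded request line.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
    "cmd-injection": re.compile(r"[;&|]\s*(?:cat|wget|curl)\b"),
}

# Constructed web-server log lines in the form "<source-ip> <method> <path>".
SAMPLE_LOG = [
    "10.0.0.5 GET /index.html",
    "10.0.0.5 GET /about.html",
    "10.0.0.7 GET /login?user=admin'%20OR%201=1",
    "10.0.0.9 GET /static/../../etc/passwd",
    "10.0.0.11 GET /ping?host=1.1.1.1%3Bcat%20/etc/passwd",
] + [f"10.0.0.42 GET /page{i}.html" for i in range(8)]  # one noisy source

# Constructed per-source request counts observed during a known-normal period.
BASELINE = [3, 4, 2, 5, 3, 4]


def signature_scan(lines):
    """Return (line, signature) for every line whose decoded form matches a known pattern."""
    hits = []
    for line in lines:
        decoded = unquote(line)  # normalise first so %20 / %3B cannot hide a pattern
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                hits.append((line, name))
    return hits


def anomaly_scan(lines, baseline=BASELINE, k=3.0):
    """Flag sources whose request count exceeds baseline mean + k standard deviations."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    counts = Counter(line.split()[0] for line in lines)
    return sorted(src for src, n in counts.items() if n > threshold)


if __name__ == "__main__":
    for line, sig in signature_scan(SAMPLE_LOG):
        print(f"SIGNATURE {sig}: {line}")
    for src in anomaly_scan(SAMPLE_LOG):
        print(f"ANOMALY high request rate from {src}")
```

Note that the anomaly scan flags the noisy source even though none of its individual requests matches a signature, while the signature scan catches the three hostile requests that each come from an otherwise quiet source; neither method alone would report all four.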
Can intruders be traced?
Hackers are a clever lot: they do not use their own system to obtain information. They compromise a computer and launch the attack from that different route. The data gleaned from a computer is placed on the internet, where it is accessible to all. In most cases the attacker's IP address can be traced up to the internet service provider.

The internet service provider has logs that record the time and the log-on details of those who were using its IP addresses at any hour of the day or night. These log details are not given to anyone except a law enforcement agency, and only when criminal activity is known to have been carried out from an IP address.

Even if the IP address is traced, all you may end up with is a zombie machine and a person who does not know that his PC has been used in an internet attack. The log files of this PC and the malware on it may shed more light on the means and methods used in the attack and may be used to track down the hacker.
IDS products in the market
There are many IDS products available in the market. Some come bundled with network devices such as routers and gateways. Companies that produce these devices or separate intrusion detection systems include:
  • Check Point Software Technologies
  • Cisco Systems
  • Hewlett-Packard
  • Lucent Technologies
  • En Garde Systems
  • Intrusion.com
  • Los Altos Technologies
  • NetIQ
  • Network Flight Recorder
  • NetworkICE
  • Networking Dynamics
  • New Technologies
  • Patriot Technologies
  • PGP
  • Q1Labs
  • SilentRunner
  • Snort
  • StillSecure
  • Strohl Systems
  • Sydex
  • Tripwire Security Systems
  • Vanguard Integrity Professionals
  • WebTrends
  • WetStone Technologies
There are many means to protect your system. Some are commercial products that require updates; others are open source intrusion detection tools. Intrusion prevention can then be carried out based on their reports.
