Regardless of the sophistication and thorough management of the information protection systems in place, attempts at intrusion into those systems are possible. However, through effective monitoring and management, qualified IT security personnel will be able to detect such intrusion attempts when they occur.
When developing the IDS portion of your system, you'll have to choose from a range of technologies. We're going to touch on some of the most prevalent intrusion detection technologies found in enterprises today.
- Host Based IDS (HIDS) analyzes your network traffic and system settings like application calls, security policies, and log audits. HIDS needs to be installed in a specific configuration for each machine, which makes this a cumbersome process for large networks.
- Network Based IDS (NIDS) looks at all the layers of the OSI model and determines whether or not the traffic looks malicious. NIDSs are easier to implement than HIDSs and can easily view traffic from multiple systems on a network without multiple installs.
- Wireless IDS is very similar to NIDS but as the name implies, has additional methods to handle wireless traffic. Wireless IDS technologies allow the network to monitor Access Points, external users, rogue Access Points and WLAN IDSs built into Access Points.
- Network Behavior Anomaly Detection (NBAD) monitors traffic for abnormalities like traffic spikes on networks that normally have a constant level of low traffic. NBAD needs multiple sensors to capture a good picture of the network and requires saving network benchmarks to create comparison points in time.
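
The baseline comparison described for NBAD can be sketched as follows. This is an added example, not code from any particular NBAD product: the sensor names, traffic figures and threshold are constructed, and the median/MAD statistic is one possible choice of benchmark, assumed here for illustration.

```python
from statistics import median

# Constructed benchmark: bytes per minute saved per sensor during normal operation.
BASELINE = {
    "sensor-a": [1200, 1150, 1300, 1250, 1180, 1220, 1270, 1210],
    "sensor-b": [800, 790, 820, 810, 805, 795, 815, 800],
    "sensor-c": [50, 50, 50, 50, 50, 50, 50, 50],  # constant, low-traffic link
}

# Constructed current observations, same unit, one value per interval.
OBSERVED = {
    "sensor-a": [1230, 1190, 9800, 1260],
    "sensor-b": [810, 805, 6400, 798],
    "sensor-c": [400, 51, 50, 50],
}

def profile(samples, min_spread_ratio=0.05):
    """Return (center, spread) of a saved benchmark using median and MAD."""
    center = median(samples)
    mad = median(abs(s - center) for s in samples)
    # 1.4826 scales MAD so it is comparable to a standard deviation.
    # The floor matters on a perfectly flat link, where MAD is zero and
    # any one-byte change would otherwise score as infinitely anomalous.
    spread = max(1.4826 * mad, min_spread_ratio * center, 1.0)
    return center, spread

def find_spikes(baseline, observed, threshold=6.0):
    """Map interval index -> sorted sensors whose traffic exceeds the benchmark."""
    spikes = {}
    for sensor, values in observed.items():
        center, spread = profile(baseline[sensor])
        for i, value in enumerate(values):
            # Only upward deviations count here: the case of interest is a spike.
            if (value - center) / spread > threshold:
                spikes.setdefault(i, []).append(sensor)
    return {i: sorted(sensors) for i, sensors in spikes.items()}

if __name__ == "__main__":
    for interval, sensors in sorted(find_spikes(BASELINE, OBSERVED).items()):
        print(f"interval {interval}: spike seen by {', '.join(sensors)}")
```

An interval reported by several sensors points to a network-wide event, while a single-sensor hit localizes the anomaly to one segment.
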
In the event of a system intrusion, information asset security personnel will be able to detect the intrusion, sever the connection to crucial protected data and trace the source of the intrusion in order to prevent future attempts to compromise data security. Further study of such intrusion attempts will provide the platform for reassessment of security systems.