Sunday, March 4, 2012

Intrusion Detection System in Plain English?

Intrusion detection aids in reacting to network infrastructure incursions

IT decentralization clearly has increased the need for effective network security. In response, entities typically deploy several layers of information security technologies. Furthermore, due to technological and operational diversity, it is critical to have standard processes to control access that will permit economies of scale.

Network monitoring of packets to identify malformed packets and known attacks should be an entity’s Threat Management control objective. Unauthorized access incidents are often preceded by reconnaissance activity to map hosts and services and to identify vulnerabilities.

Precursor reconnaissance may include port scans, host scans, vulnerability scans, pings, trace-routes, DNS zone transfers, operating system fingerprinting, and banner grabbing. Such unethical, if not unlawful, activities are discovered primarily through Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) software and secondarily through log analysis.
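To show what "discovery through log analysis" of port and host scans looks like in practice, here is an added example (not code from the original post): it parses constructed firewall log lines in an assumed `src=... dst=... dpt=...` format and flags a source that touches many distinct ports on one host or many distinct hosts within a sliding time window. Thresholds, the log format and the sample addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a specific vendor's):
# "<ISO timestamp> <action> src=<ip> dst=<ip> proto=<proto> spt=<port> dpt=<port>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"proto=(?P<proto>\w+) spt=(?P<spt>\d+) dpt=(?P<dpt>\d+)$")

def parse_line(line):
    """Return the parsed fields of one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.fromisoformat(d["ts"])
    d["dpt"] = int(d["dpt"])
    return d

def detect_scans(lines, window=timedelta(seconds=60), port_threshold=10, host_threshold=5):
    """Flag a source that touches many distinct ports on one host (port scan) or many
    distinct hosts (host sweep) within a sliding time window. Returns {(src, kind): first_ts}."""
    recent = defaultdict(deque)  # src -> (ts, dst, dpt) tuples inside the window, oldest first
    alerts = {}
    events = [e for e in map(parse_line, lines) if e]
    for e in sorted(events, key=lambda ev: ev["ts"]):
        q = recent[e["src"]]
        q.append((e["ts"], e["dst"], e["dpt"]))
        while e["ts"] - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        if len({p for _, d, p in q if d == e["dst"]}) >= port_threshold:
            alerts.setdefault((e["src"], "port_scan"), e["ts"])
        if len({d for _, d, _ in q}) >= host_threshold:
            alerts.setdefault((e["src"], "host_sweep"), e["ts"])
    return alerts

def sample_log():
    """Constructed sample lines: one port scanner, one host sweep, one benign web client."""
    base, fmt = datetime(2012, 3, 4, 10, 0, 0), "{} DROP src={} dst={} proto=TCP spt={} dpt={}"
    ts = lambda i: (base + timedelta(seconds=i)).isoformat()
    lines = [fmt.format(ts(i), "10.0.0.5", "192.168.1.10", 40000 + i, 20 + i) for i in range(12)]
    lines += [fmt.format(ts(i), "10.0.0.7", f"192.168.1.{i}", 50000 + i, 445) for i in range(1, 7)]
    lines += [fmt.format(ts(i), "10.0.0.9", "192.168.1.10", 60000 + i, 80 if i % 2 else 443) for i in range(12)]
    return lines + ["malformed line that the parser must skip"]

if __name__ == "__main__":
    for (src, kind), first_ts in sorted(detect_scans(sample_log()).items()):
        print(f"{first_ts.isoformat()} {kind} from {src}")
```

Running it reports the port scan from 10.0.0.5 and the host sweep from 10.0.0.7 while the web client, which only ever touches ports 80 and 443 on one host, stays quiet; tuning the thresholds and window is what separates noisy alerts from useful early warning.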

Intrusion detection aids in reacting to network infrastructure incursions. It follows that the main value of intrusion detection is early incident or event awareness and subsequent, timely intervention, resulting in a loss experience that is less than what might otherwise ensue from a security breach.

After all of the access control rules are implemented and the software is updated and patched, an IDS should provide the ability to determine if and when security controls have been bypassed. Consequently, the primary IDS purpose is to provide the ability to view IT activity in real time and to identify unauthorized IT activity.
