Intrusion detection is a set of techniques and methods used to detect suspicious activity at both the network and the host level.
Intrusion detection is the act of detecting a hostile user or intruder who is attempting to gain unauthorized access, to disturb services, or to deny services to legitimate users. An Intrusion Detection System (IDS) is software, a device, or a combination of both that monitors and tracks network intrusion attempts, malicious activities or policy violations and produces reports for the security administrators.
Basically, an Intrusion Detection System (IDS) is also a sniffer: it detects an intrusion by sniffing and analysing network packets.
The most popular Open Source Intrusion Detection System (IDS) is Snort, developed by Sourcefire. Snort can detect thousands of worms, vulnerability exploit attempts, port scans, and other suspicious activities. Snort is available for both Linux and Windows platforms as source files and binaries.
Following are some definitions related to Intrusion Detection Systems (IDS).
Intrusion Detection System (IDS)
Intrusion Detection System (IDS) is software, or a device or combination of both used to detect intruder activity.
Network Intrusion Detection System (NIDS)
A Network Intrusion Detection System (NIDS) usually consists of a network appliance (or sensor) with a Network Interface Card (NIC) operating in promiscuous mode and a separate management interface. The IDS is placed along a network segment or boundary and monitors all traffic on that segment. When a packet matches an intruder signature, an alert is generated and/or the packet is logged to a file or database.
Host Intrusion Detection System (HIDS)
A Host Intrusion Detection System (HIDS) consists of software applications (agents) installed on the workstations that are to be monitored. The agents monitor the operating system and write data to log files and/or trigger alarms. A Host Intrusion Detection System (HIDS) can only monitor the individual workstations on which the agents are installed; it cannot monitor the entire network.
Signature
A signature is the pattern that you look for inside a data packet. Each attack has its own specific signatures, and a signature is used to detect one or multiple types of attack. Signatures can be identified from the IP header, from the transport layer protocol header (TCP or UDP header) or from the data (payload).
Alert
Alerts are any sort of user notification of intruder activity. When an IDS detects an intruder, it has to inform the security administrator about this using alerts.
Log
Log messages are usually saved to a file for future analysis.
False Alarm
False alarms are alerts generated by an indication that is not actually intruder activity.
Sensor
The machine on which an intrusion detection system is running is also called the sensor in the literature, because it is used to "sense" the network.
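The NIDS description above and the definitions of signature, alert, log and false alarm can be tied together in a small model of a signature-based sensor. The following is an added example written for this page; it is not Snort code and not part of the original article. Packets are constructed dicts standing in for decoded frames (a real sensor would read them from a NIC in promiscuous mode), the signatures and their SIDs are hypothetical, and the "HYPOTHETICAL-WORM-MARKER" byte string is an invented pattern, not a real worm signature. Packet 3 is a benign e-mail that merely quotes the marker, so the alert it raises is a false alarm of exactly the kind defined above.

```python
"""Minimal signature-based NIDS model (added example; not from the page)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Signature:
    """One detection rule: header fields plus an optional payload pattern."""
    sid: int                          # hypothetical signature id
    msg: str                          # text placed in the alert
    proto: Optional[str] = None       # "TCP"/"UDP", or None for any protocol
    dst_port: Optional[int] = None    # transport-header match
    content: Optional[bytes] = None   # byte pattern searched for in the payload
    min_payload: int = 0              # minimum payload length to match

    def matches(self, pkt: dict) -> bool:
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dst_port is not None and pkt["dst_port"] != self.dst_port:
            return False
        if len(pkt["payload"]) < self.min_payload:
            return False
        if self.content is not None and self.content not in pkt["payload"]:
            return False
        return True


# Hypothetical rule set: one payload-content rule and one header/length rule.
SIGNATURES = [
    Signature(1000001, "HYPOTHETICAL worm marker in TCP payload",
              proto="TCP", content=b"HYPOTHETICAL-WORM-MARKER"),
    Signature(1000002, "Oversized UDP DNS query",
              proto="UDP", dst_port=53, min_payload=512),
]

# Constructed sample traffic as seen by a sensor on the monitored segment.
TRAFFIC = [
    {"src": "10.0.0.5", "dst": "10.0.0.80", "proto": "TCP",
     "src_port": 40000, "dst_port": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"},
    {"src": "198.51.100.7", "dst": "10.0.0.80", "proto": "TCP",
     "src_port": 51234, "dst_port": 80,
     "payload": b"HYPOTHETICAL-WORM-MARKER" + b"\x00" * 16},
    # Benign mail that quotes the marker string: will produce a false alarm.
    {"src": "10.0.0.5", "dst": "10.0.0.25", "proto": "TCP",
     "src_port": 40001, "dst_port": 25,
     "payload": b"Subject: IDS tuning\r\n\r\nour rule looks for "
                b"HYPOTHETICAL-WORM-MARKER in payloads\r\n"},
    {"src": "10.0.0.9", "dst": "10.0.0.53", "proto": "UDP",
     "src_port": 53001, "dst_port": 53, "payload": b"\x00" * 600},
]

# Ground truth for this constructed capture: packet numbers known to be benign.
BENIGN_PACKETS = {1, 3}


def inspect(packets, signatures):
    """Behave like a NIDS: raise an alert per matching signature, log every packet."""
    alerts, log = [], []
    for n, pkt in enumerate(packets, start=1):
        for sig in signatures:
            if sig.matches(pkt):
                alerts.append({"packet": n, "sid": sig.sid, "msg": sig.msg,
                               "src": pkt["src"], "dst": pkt["dst"]})
        log.append(f"pkt {n} {pkt['proto']} {pkt['src']}:{pkt['src_port']} -> "
                   f"{pkt['dst']}:{pkt['dst_port']} len={len(pkt['payload'])}")
    return alerts, log


def false_alarms(alerts, benign_packets):
    """Alerts raised on packets the ground truth says are benign."""
    return [a for a in alerts if a["packet"] in benign_packets]


def format_alert(a):
    """Render an alert in a Snort-like one-line style."""
    return f"[**] [1:{a['sid']}] {a['msg']} [**] {a['src']} -> {a['dst']}"


if __name__ == "__main__":
    alerts, log = inspect(TRAFFIC, SIGNATURES)
    print("\n".join(format_alert(a) for a in alerts))
    print(f"{len(false_alarms(alerts, BENIGN_PACKETS))} false alarm(s) to tune out")
    print("\n".join(log))
```

Running the block shows three alerts for four packets, one of which (on packet 3) is a false alarm: the content rule matches the marker wherever it appears, so a tuned rule would also constrain the destination port or flow direction to reduce such alerts.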