What is IDs

IDS is the abbreviation of "Intrusion detection Systems" in English, meaning "intrusion detection system" in Chinese. Professionally speaking, according to a certain security policy, the network, the operation of the system monitoring, as far as possible to discover a variety of attack attempts, attacks or attacks, to ensure the confidentiality of network system resources, integrity and availability.

IDS is essentially a listening system, which monitors the operation of the network and the system according to a certain security policy, discovers, reports and records all kinds of attack attempts, attacks or attacks as far as possible to ensure the confidentiality, integrity and usability of the information system. IDS can be divided into host-type hids and network-type NIDs, the current mainstream IDs products are both organically combined with the hybrid architecture.

Let's make a figurative analogy: if the firewall is the door lock of a building, then IDs is the surveillance system in the building. Once a thief climbs the window into the building, or the insider has cross-border behavior, only the real-time monitoring system can detect the situation and issue a warning.

Early IDs systems play a role by looking for any unusual traffic. When abnormal traffic is detected, this action is logged and an alert is issued to the administrator. There are few problems with this process. For the original, the search for abnormal communication results in many erroneous reports. After a while, the administrator is tired of receiving too many error alerts, completely ignoring the IDS system warnings.

Another major flaw in IDs systems is that they monitor only primary traffic. If an attack is detected, it will alert the administrator to take action. This approach is thought to be a good one for the IDS system. All in all, are you really willing to let the IDS System Act on legitimate network communications because the IDS system produces a lot of error reporting?

In the past few years, the IDS system has made great progress. At present, the IDs system works more like a anti-virus software. The IDS system contains a database called an attack signature. The system continually compares the communication in the network to the information in the database. If an attack is detected, the IDS system emits a report of the attack.

The newer IDs system is more accurate than the previous system. However, the database needs to be constantly updated to remain valid. Also, if an attack occurs and there is no matching signature in the database, the attack may be ignored. Even if the attack is detected and proven to be an attack, the IDS system has no power to do anything other than alert the administrator and record the attack.