What is an IDS?
IDS stands for Intrusion Detection System: a hardware or software product that detects security breaches and attacks by monitoring a network or a host.
Functions of IDS
- The main task of an IDS is to detect security breaches using the detection methods implemented by the product.
- When the IDS detects a security breach, it informs the administrator and/or forwards the alert to the SIEM product.
Importance of IDS in Security
An IDS is a product developed to detect malicious behavior. A network without an IDS can be said to be lacking in security, because the IDS is one of the security products that has reached a certain technological maturity, and its task, detecting security breaches, is a very important one.
It is recommended to use an IDS together with other security products rather than alone. Because an IDS cannot take action by itself, it is more effective when paired with a security product that can take additional action.
Types of IDS
1. Network Intrusion Detection System (NIDS)
A Network Intrusion Detection System (NIDS) passes all traffic on the network through itself in order to detect traffic that matches attacker behavior. When abnormal behavior is observed in the traffic, an alert can be generated and the administrator informed.
2. Host Intrusion Detection System (HIDS)
A Host Intrusion Detection System (HIDS) runs on a specific host in the network. It tries to detect malicious activity by examining all network packets arriving at and leaving that device. Detected malicious behavior is reported to the administrator as an alert.
3. Protocol-Based Intrusion Detection System (PIDS)
A Protocol-Based Intrusion Detection System (PIDS) is a type of IDS that examines the traffic between a server and a client in a protocol-specific way.
4. Application Protocol-based Intrusion Detection System (APIDS)
An Application Protocol-Based Intrusion Detection System (APIDS) is a type of IDS that tries to detect security breaches by monitoring communication in application-specific protocols.
5. Hybrid Intrusion Detection System
A Hybrid Intrusion Detection System is a type of IDS in which two or more detection approaches are used together.
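The following is an added teaching example, not code from this page or from any IDS product. It ties together the two functions listed earlier (detect a breach, then hand the alert to an administrator or SIEM) and the hybrid type just described: a small engine that runs Snort-style signature rules and a rate-based anomaly check (many distinct destination ports from one source in a short window) over constructed flow records, and emits the resulting alerts as JSON lines, the usual hand-off format to a SIEM collector. The `Flow` and `Rule` structures, the rule set, the thresholds and the sample traffic are all assumptions constructed for the example.

```python
"""
Minimal hybrid IDS engine (constructed teaching example, not any product's code).

Two detection approaches are combined, as the hybrid IDS description suggests:
  1. signature-based: each flow record is compared against a small rule set
     written in a Snort-like style (protocol, destination port, payload content);
  2. anomaly-based: a per-source threshold that flags a host contacting many
     distinct destination ports within a short time window (port-scan behaviour).

Alerts are returned as dicts; to_siem_lines() serialises them as JSON lines.
"""
import json
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    ts: float            # seconds since epoch (constructed values below)
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    sid: int
    msg: str
    proto: str
    dport: Optional[int]       # None matches any destination port
    content: Optional[bytes]   # None matches any payload

    def matches(self, f: Flow) -> bool:
        """Signature match: protocol, optional port and optional payload substring."""
        if self.proto != f.proto:
            return False
        if self.dport is not None and self.dport != f.dport:
            return False
        if self.content is not None and self.content not in f.payload:
            return False
        return True


# Constructed rule set (sids from 1000000 upwards, the range Snort convention
# reserves for locally written rules).
RULES = [
    Rule(1000001, "HTTP request containing directory traversal sequence", "tcp", 80, b"../"),
    Rule(1000002, "Telnet connection attempt", "tcp", 23, None),
]


class HybridIDS:
    def __init__(self, rules=RULES, scan_ports: int = 10, scan_window: float = 5.0):
        self.rules = list(rules)
        self.scan_ports = scan_ports          # distinct dports per source before alerting
        self.scan_window = scan_window        # seconds
        self._seen = defaultdict(list)        # src -> [(ts, dport), ...] inside the window
        self._scan_alerted = set()            # sources already reported, to avoid repeats

    def process(self, f: Flow) -> List[dict]:
        alerts = []
        # 1. signature-based detection
        for r in self.rules:
            if r.matches(f):
                alerts.append({"ts": f.ts, "method": "signature", "sid": r.sid, "msg": r.msg,
                               "src": f.src, "dst": f.dst, "dport": f.dport})
        # 2. anomaly-based detection: distinct destination ports per source in the window
        hist = self._seen[f.src] + [(f.ts, f.dport)]
        self._seen[f.src] = [(t, p) for t, p in hist if f.ts - t <= self.scan_window]
        ports = {p for _, p in self._seen[f.src]}
        if len(ports) >= self.scan_ports and f.src not in self._scan_alerted:
            self._scan_alerted.add(f.src)
            alerts.append({"ts": f.ts, "method": "anomaly", "sid": None,
                           "msg": f"possible port scan: {len(ports)} ports within {self.scan_window}s",
                           "src": f.src, "dst": f.dst, "dport": None})
        return alerts


def run(flows) -> List[dict]:
    """Feed every flow through one engine instance and collect all alerts in order."""
    ids = HybridIDS()
    out = []
    for f in flows:
        out.extend(ids.process(f))
    return out


def to_siem_lines(alerts) -> List[str]:
    """One JSON object per line, the shape a SIEM collector usually ingests."""
    return [json.dumps(a, sort_keys=True) for a in alerts]


# Constructed sample traffic: a benign request, a traversal attempt, a telnet
# attempt, and a 12-port sweep from one source inside a 5-second window.
SAMPLE_FLOWS = [
    Flow(100.0, "10.0.0.5", "10.0.0.80", "tcp", 80, b"GET /index.html HTTP/1.1"),
    Flow(101.0, "10.0.0.5", "10.0.0.80", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Flow(102.0, "10.0.0.9", "10.0.0.80", "tcp", 23, b""),
] + [Flow(110.0 + i * 0.1, "10.0.0.7", "10.0.0.80", "tcp", 1 + i) for i in range(12)]


if __name__ == "__main__":
    for line in to_siem_lines(run(SAMPLE_FLOWS)):
        print(line)
```

Running the block yields three alerts: two signature hits (the traversal request and the telnet attempt) and one anomaly alert for the sweeping host, raised once the tenth distinct port is seen. The signature path is what a NIDS such as Snort or Suricata does at scale; the threshold path shows why the hybrid type exists: the sweep matches no single rule, yet is clearly worth reporting.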
Some of the popular IDS products
- Zeek/Bro
- Snort
- Suricata
- Fail2Ban
- OSSEC