CISA Made Easy

                                           - easy CISA preparation

Thursday, September 25, 2008

IDS – an Information security tool to protect your network

IDS stands for Intrusion Detection System. An IDS is used by network administrators, information security professionals, IS auditors and penetration testers to detect external or internal intrusions into a network or host. Before going further, let us see what an intrusion is.

What is an intrusion?

The basic principle of information security is the CIA triad, where

C = Confidentiality,
I = Integrity and
A = Availability.

When one or more of these three properties is compromised, or an attempt is made to compromise it, with malicious intent, the event is called an intrusion. The attempt counts as much as the success: a port scan that finds nothing is still an intrusion attempt worth detecting.

An IDS is software, hardware or a combination of both that detects such attempts to compromise confidentiality, integrity or availability, usually by matching traffic or host activity against known attack signatures or against a baseline of normal behaviour, and raises an alert. Note the word detect: a plain IDS does not block the attack; a device that also blocks is an Intrusion Prevention System (IPS).

A modern IDS can detect most common types of intrusion. Some common examples where an IDS helps information security and IS audit professionals, penetration testers and security administrators are

1. DoS
2. DDoS
3. Port scanning and other reconnaissance
4. Exploitation attempts against vulnerable services (what is often called malicious penetration)
5. Local intrusion (misuse on the host itself, which only a host-based IDS can see)
6. Internal intrusion (originating inside the network perimeter)
7. Remote intrusion (originating outside the network perimeter)


Before analysing a detected intrusion, proposing a fix or configuring an IDS, IS professionals should also understand why these intrusions are possible. They are commonly possible because of hardware or software flaws in applications, operating systems, or network and communication devices, and because of weaknesses in how they are deployed. Some common examples are

1. Improper input validation controls
2. Unsafe memory handling in applications (for example buffer overflows)
3. Poor configuration (default credentials, unnecessary open services)
4. Poor resource and concurrency management, such as deadlocks caused by circular wait, which attackers can trigger for denial of service
5. Lack of physical controls
6. Weak logical access controls

An IDS is a valuable tool, and it helps information security and IS audit professionals, penetration testers and security administrators by recording, for each alert,

1. The time of the attack
2. The source IP address and port
3. The destination IP address and port
4. The platform targeted by the attack
5. The nature of the attack (the signature or anomaly that matched)
6. The severity of the attack
7. A reference to the matched signature, which usually points to an advisory or a recommended remediation

Two caveats apply. First, the source IP address is only as trustworthy as the protocol: in a DoS or DDoS flood the source addresses are often spoofed, so they identify the victims of spoofing, not the attacker. Second, an IDS produces false positives until its rules are tuned to the environment, so every alert must be verified against the actual traffic or logs before it is treated as an incident.

An IS auditor may use this information to harden systems and protect the network and its resources from internal as well as external attacks.
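To make the alert fields above concrete, here is a toy IDS written for this post; it is an added example, not code from the original post and not any real product. It reads a constructed, space-separated connection log, applies two detections, a signature match on the payload (list item 5) and an anomaly rule for port scanning (one source touching many distinct destination ports within a short window), and emits alerts carrying the time, source and destination address and port, nature, severity and a signature reference (items 1 to 7). The log format, the signature IDs 1001 and 1002, the thresholds and the sample traffic are all assumptions made for illustration.

```python
"""Toy signature- and anomaly-based IDS over constructed connection records.

Added example for illustration only; the record format, signature list,
thresholds and sample traffic are assumptions, not any product's format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample traffic, one record per line:
# <ISO timestamp> <src_ip>:<src_port> <dst_ip>:<dst_port> <payload or ->
# Lines 1-10: one source probing ten ports on one host (a port scan).
# Line 11: a web request trying to read /etc/passwd via path traversal.
# Line 12: an ordinary, benign web request (must not raise an alert).
SAMPLE_LOG = """\
2008-09-25T10:00:00 203.0.113.7:40001 192.0.2.10:21 -
2008-09-25T10:00:00 203.0.113.7:40002 192.0.2.10:22 -
2008-09-25T10:00:01 203.0.113.7:40003 192.0.2.10:23 -
2008-09-25T10:00:01 203.0.113.7:40004 192.0.2.10:25 -
2008-09-25T10:00:02 203.0.113.7:40005 192.0.2.10:80 -
2008-09-25T10:00:02 203.0.113.7:40006 192.0.2.10:110 -
2008-09-25T10:00:03 203.0.113.7:40007 192.0.2.10:143 -
2008-09-25T10:00:03 203.0.113.7:40008 192.0.2.10:443 -
2008-09-25T10:00:04 203.0.113.7:40009 192.0.2.10:445 -
2008-09-25T10:00:04 203.0.113.7:40010 192.0.2.10:3389 -
2008-09-25T10:05:00 198.51.100.4:51234 192.0.2.10:80 GET /cgi-bin/../../../../etc/passwd HTTP/1.0
2008-09-25T10:06:00 198.51.100.9:51300 192.0.2.10:80 GET /index.html HTTP/1.0
"""

# Hypothetical signatures: (sid, substring to match, nature, severity, reference).
# Ordered most specific first; only the first match per record is reported.
SIGNATURES = [
    (1001, "/etc/passwd", "Attempt to read /etc/passwd via web request", "high", "path traversal"),
    (1002, "../", "Directory traversal sequence in request", "medium", "path traversal"),
]


def parse_record(line):
    """Split one log line into its fields; the payload may contain spaces."""
    ts, src, dst, payload = line.split(" ", 3)
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "time": datetime.fromisoformat(ts),
        "src_ip": src_ip, "src_port": int(src_port),
        "dst_ip": dst_ip, "dst_port": int(dst_port),
        "payload": payload,
    }


def make_alert(rec, nature, severity, reference):
    """Build an alert carrying the fields an analyst needs to triage it."""
    return {
        "time": rec["time"].isoformat(),
        "src_ip": rec["src_ip"], "src_port": rec["src_port"],
        "dst_ip": rec["dst_ip"], "dst_port": rec["dst_port"],
        "nature": nature, "severity": severity, "reference": reference,
    }


class ToyIDS:
    def __init__(self, scan_threshold=8, scan_window=timedelta(seconds=10)):
        self.scan_threshold = scan_threshold   # distinct ports that count as a scan
        self.scan_window = scan_window         # sliding window per source address
        self._seen = defaultdict(list)         # src_ip -> [(time, dst_port), ...]
        self._scan_alerted = set()             # sources already reported, to avoid repeats
        self.alerts = []

    def process(self, rec):
        # Signature detection: look for known-bad content in the payload.
        for sid, pattern, nature, severity, reference in SIGNATURES:
            if pattern in rec["payload"]:
                self.alerts.append(make_alert(rec, f"SID {sid}: {nature}", severity, reference))
                break
        # Anomaly detection: many distinct destination ports from one source
        # inside the window is reconnaissance, whatever the payload says.
        hist = self._seen[rec["src_ip"]]
        hist.append((rec["time"], rec["dst_port"]))
        cutoff = rec["time"] - self.scan_window
        hist[:] = [(t, p) for t, p in hist if t >= cutoff]
        ports = {p for _, p in hist}
        if len(ports) >= self.scan_threshold and rec["src_ip"] not in self._scan_alerted:
            self._scan_alerted.add(rec["src_ip"])
            self.alerts.append(make_alert(
                rec, f"Port scan: {len(ports)} distinct ports within {self.scan_window.seconds}s",
                "medium", "reconnaissance"))


def run_ids(log_text, **kwargs):
    """Feed every record of a log through the IDS and return its alerts in order."""
    ids = ToyIDS(**kwargs)
    for line in log_text.splitlines():
        if line.strip():
            ids.process(parse_record(line))
    return ids.alerts


if __name__ == "__main__":
    for alert in run_ids(SAMPLE_LOG):
        print(alert)
```

Running it yields two alerts: a port-scan alert against 203.0.113.7 raised on the eighth probe (destination port 443), and a high-severity SID 1001 alert for the /etc/passwd request; the benign request produces nothing. The scan rule keys on the source address, which is exactly why the spoofing caveat matters: a flood with forged sources would scatter across many keys and never cross the threshold, so volumetric attacks need rate-based rules rather than per-source ones.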

Abbreviations used:

DoS – Denial of Service
DDoS – Distributed Denial of Service
IDS – Intrusion Detection System
IPS – Intrusion Prevention System
IS – Information Systems / Information Security
IP – Internet Protocol

