Placement of IDS
- The most common and usually optimal position for an IDS is behind the firewall, although the best position varies with the network. The 'behind-the-firewall' placement gives the IDS high visibility of incoming network traffic, and it will not receive traffic between users and the network. The edge of the network is the point that gives the network the possibility of connecting to the extranet.
- Where the IDS is positioned beyond a network's firewall, its purpose is to defend against noise from the internet or against attacks such as port scans and network mappers. An IDS in this position would monitor layers 4 through 7 of the OSI model and would use a signature-based detection method. Showing the number of attempted breaches instead of the actual breaches that made it through the firewall is better, as it reduces the number of false positives. It also takes less time to discover successful attacks against the network.
- An advanced IDS incorporated with a firewall can be used to intercept complex attacks entering the network. Features of an advanced IDS include multiple security contexts at the routing level and bridging mode. All of this in turn potentially reduces cost and operational complexity.
- Another choice for IDS placement is within the network. This choice reveals attacks or suspicious activity within the network. Neglecting security inside a network is detrimental, as it may allow users to introduce security risks or allow an attacker who has already broken into the system to roam around freely.
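The difference between a sensor beyond the firewall (attempted breaches) and one behind it (traffic that got through) can be seen by running one port-scan rule over both views. This is an added example, not part of the original article; the event format, the addresses (documentation ranges), the thresholds and the assumed firewall policy are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (time_s, sensor, src_ip, dst_ip, dst_port).
# "outside" = sensor beyond the firewall, "inside" = sensor behind it.
# All addresses come from documentation ranges; the firewall is assumed
# to allow only ports 80 and 443 through to 192.0.2.10.
EVENTS = [(t, "outside", "198.51.100.7", "192.0.2.10", p)
          for t, p in enumerate([21, 22, 23, 25, 80, 443])]
EVENTS += [
    (4, "inside", "198.51.100.7", "192.0.2.10", 80),
    (5, "inside", "198.51.100.7", "192.0.2.10", 443),
    (2, "outside", "203.0.113.5", "192.0.2.10", 443),
    (2, "inside", "203.0.113.5", "192.0.2.10", 443),
]

def detect_port_scans(events, sensor, window=10, min_ports=5):
    """Map each source to the ports it probed if, as seen by `sensor`, it hit
    at least `min_ports` distinct ports on one host within `window` seconds."""
    by_pair = defaultdict(list)
    for ts, seen_by, src, dst, port in events:
        if seen_by == sensor:
            by_pair[(src, dst)].append((ts, port))
    scanners = {}
    for (src, _dst), hits in by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                scanners.setdefault(src, set()).update(ports)
    return scanners

def passed_firewall(events, src):
    """Ports on which the inside sensor also saw traffic from `src`."""
    return sorted({p for _, seen_by, s, _, p in events
                   if seen_by == "inside" and s == src})

if __name__ == "__main__":
    for src, ports in detect_port_scans(EVENTS, "outside").items():
        print(src, "attempted", sorted(ports), "passed", passed_firewall(EVENTS, src))
    print("inside-only view:", detect_port_scans(EVENTS, "inside"))
```

With this sample data the outside sensor flags the scan across six ports, while the inside sensor alone sees only two allowed connections and raises nothing; correlating the two shows which probes actually reached the host.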
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) monitors network traffic, looks for unusual activity and sends alerts when it occurs. The main duties of an IDS are anomaly detection and reporting; however, certain Intrusion Detection Systems can also take action when malicious activity or unusual traffic is discovered. In this article, we will discuss every point about the Intrusion Detection System.