The 21st century business is hinged on information and communication network infrastructure for efficiency and to ease end-to-end business processes. For this reason and strictly from a fundamental point of view, it is extremely important that measures are taken to mitigate both internal and external threats to the network and devices within.
Below is a concise summary of trusted technology solution described as network intrusion detection and prevention systems and it is pertinent to mention that while one is mainly set up for detecting intrusion and violations the other does both detection and prevention of intrusion.
INTRUSION DETECTION SYSTEM (IDS)
Intrusion detection system (IDS) is a hardware or software application that screens or monitors a network, devices or systems for malicious activity or policy harms and violations. When violation is proactively detected it is reported to the system administrator or centrally collected and reported using a security information and event management (SIEM) system. SIEM system combines security information management (SIM) and security event management (SEM) and provide real-time analysis of security alerts generated by network monitoring hardware and software applications such as N.I.D.S.
Network intrusion detection systems (NIDS) are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. It performs an analysis of passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks.
Once an attack is identified or any abnormality is sensed, the alert can be sent to the administrator. NIDS would be installed on the subnet where firewalls are located to see if someone is trying to break into the firewall.
There is a wide range of IDS, varying from antivirus software to systems that screen the traffic of an entire network infrastructure. The most common types are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). HIDS are for monitoring important operating system files, while NIDS analyses incoming network traffic.
IDS can be categorized by detection methodology; the most popular choices are signature-based detection (recognizing bad patterns, such as malware) and anomaly-based detection (detecting deviations from a model of good traffic based on configuration settings).
INTRUSION PREVENTION SYSTEM (IPS)
Some IDS do beyond intrusion detection by also preventing intrusion. Systems with response capabilities are typically referred to as an intrusion prevention system (IPS).
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS) are network security appliances that monitor network or system activities for malicious activity. The principal functions of intrusion prevention systems are to identify malicious activity, log information about this activity, report it and attempt to block or stop it.
IPS can send an alert, drop malicious packets, reset a connection or block traffic from the offending IP address. An IPS also can correct cyclic redundancy check errors, mitigate TCP sequencing issues, defragment packet streams and clean up network unwanted transport layer options.
Intrusion prevention systems are extensions of intrusion detection systems because they both monitor network traffic and system activities for malicious activity. The key distinction is, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to proactively prevent or block intrusions that are detected.
The great technology inventions discussed here have made huge impact on businesses across verticals in today’s business world in relation to network infrastructure monitoring and security from possible attacks hence it is not only an acceptable trend but best practice too.
No comments:
Post a Comment