F5 GLOSSARY

Intrusion Detection System (IDS)

What is IDS (Intrusion Detection System)?

IDS, short for "Intrusion Detection System," refers to hardware or software designed to detect signs of unauthorized access to an internal network and notify administrators.

There are two types of IDS based on implementation:

  • Host-based IDS (HIDS): Installed as software on the protected computer, HIDS monitors sources such as OS logs to detect intrusions.
  • Network-based IDS (NIDS): Deployed as a dedicated appliance in the network segment of protected computers, NIDS monitors network traffic for unauthorized activity. NIDS is generally more suitable for efficiently monitoring an entire internal network.

Intrusion detection methods include:

  • Signature-based Detection: Uses signature files that describe patterns of known threats for identification.
  • Anomaly-based Detection: Identifies unusual or abnormal activities to detect breaches.
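
The two detection methods above, run side by side over sample traffic. This is an added example, not F5 code; the record format, the signature name and pattern, the addresses and the threshold factor k are all constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Hypothetical signature set: name -> pattern describing a known threat.
# "ExampleScanner" is a constructed marker, not a real tool.
SIGNATURES = {
    "known-scanner-agent": re.compile(r"\bExampleScanner/\d"),
}

# Constructed records, one per line: "<source> <request> <user-agent>".
BASELINE = [
    "10.0.0.5 GET /index.html Browser/1.0",
    "10.0.0.6 GET /index.html Browser/1.0",
    "10.0.0.5 GET /news Browser/1.0",
    "10.0.0.7 GET /login Browser/1.0",
    "10.0.0.6 GET /news Browser/1.0",
    "10.0.0.5 GET /index.html Browser/1.0",
]
OBSERVED = [
    "10.0.0.5 GET /index.html Browser/1.0",
    "10.0.0.6 GET /news Browser/1.0",
    # Known pattern, low volume: only the signature method sees it.
    "10.0.0.8 GET /index.html ExampleScanner/1.0",
    # No known pattern, high volume: only the anomaly method sees it.
] + ["10.0.0.9 GET /login Browser/1.0"] * 12


def signature_alerts(lines):
    """Return (source, signature name) for each line matching a known pattern."""
    return [(line.split()[0], name)
            for line in lines
            for name, pattern in SIGNATURES.items() if pattern.search(line)]


def anomaly_alerts(baseline, lines, k=3.0):
    """Return sources whose request count exceeds baseline mean + k * std dev."""
    per_source = list(Counter(l.split()[0] for l in baseline).values())
    threshold = mean(per_source) + k * pstdev(per_source)
    counts = Counter(l.split()[0] for l in lines)
    return sorted(src for src, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print("signature:", signature_alerts(OBSERVED))
    print("anomaly:  ", anomaly_alerts(BASELINE, OBSERVED))
```

Each method flags a source the other misses, which is why the two are commonly combined.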

An evolved version of IDS is the Intrusion Prevention System (IPS), which not only detects attacks but automatically takes preventive actions like blocking unauthorized access. However, with the increasing use of web applications, breaches that cannot be prevented by IDS or IPS are becoming more common. To address such security threats, utilizing a Web Application Firewall (WAF) is an effective solution.