Question

1. What is IDS? Explain different types of IDS’s with examples?

Write your answer in your own words.

Answer

2.Case study on commercial Intrusion Detection System.

Answer 1

IDS:

IDS is an intrusion detection system and is used to detect any internal changes in the system. Changes could be a virus or malicious packet sent to the network. It is used as a hardware or software piece to mitigate risks after identifying them.

Types of IDS:

Network based:

These systems are used at network level. They are used to monitor traffic in and out of the network. The traffic patterns are observed and different abnormal behaviours are investigated.

Host based:

It is used at system level. The system traffic is monitored for any malicious events. Such an IDS can take system snapshots whenever there is any change or alert.

Case study of commercial IDS:

A commercial IDS is used to protect the organizations or even houses. It audits the traffic and prevents any exploits related to vulnerability. It can be network or host based. The system closely watches the traffic and takes action any time false positives are detected. If there is no attack and it was only a safe change in behaviour, it is termed as false negative.

These systems are used to verify the attack's success and chances of it occurring again. It also monitors system activities. The best thing is there is no need to set up extra hardware and the entry cost is also low.

Different types of malicious events and attacks tracked by these systems are DoS attack, spoofing, eavesdropping, abuse attack, etc.

The system is used to collect data, select various features, analyse the correctness of the system, take action as per the requirements.