Intrusion Detection Systems (IDS) (EB)

= INTRUSION DETECTION SYSTEMS (IDS) =

Definition: What is an Intrusion Detection System (IDS)?
An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activity for malicious actions or policy violations and produces reports to a management station. The main focus of an IDS is to help information systems prepare for and deal with attacks.
How do IDSs help information systems prepare for and deal with attacks?
IDSs help information systems prepare for attacks by collecting information from a variety of system and network sources and then analyzing that information for possible security issues or concerns.

What types of services do IDSs provide?

 * Monitoring and analysis of user and system activity.
 * Auditing of system configurations and vulnerabilities.
 * Assessing the integrity of critical system and data files.
 * Statistical analysis of activity patterns, based on matching against known attacks (signature detection).
 * Abnormal activity analysis (anomaly detection).
 * Operating system audits.

IDS Terminology:

 * Alert/Alarm - A signal that suggests a system has been compromised or is under attack.
 * True Positive - A legitimate attack that triggers the IDS to produce an alarm.
 * False Positive - An event that causes the IDS to produce an alarm when no attack has taken place.
 * False Negative - A failure of the IDS to detect an actual attack.
 * True Negative - No attack has taken place and no alarm is raised.
 * Noise - Data or interference that can trigger a false positive.
 * Confidence value - A value an organization places on an IDS based on analysis of its past performance.
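The service list above mentions two detection styles (matching known attack patterns and flagging abnormal activity), and the terminology list defines how their output is judged. The following added example, which is not from this page or from any of the products named on it, puts the two together: a tiny signature rule and a tiny anomaly rule are run over a constructed, labelled set of log events, and the verdicts are tallied as true/false positives and negatives. The event data, the signature strings, and the failed-login threshold are all assumptions made up for the illustration; one signature is deliberately over-broad so that the effect of noise on the false positive count is visible.

```python
"""Added example (not from the wiki page): a toy signature-based and
anomaly-based IDS run over constructed log events, scored with the
terminology defined above (true/false positive, true/false negative)."""
from collections import Counter

# Constructed sample of log events with ground-truth labels so the
# detector's verdicts can be scored. Addresses and users are made up.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "kind": "auth", "detail": "login ok user=alice", "is_attack": False},
    {"src": "10.0.0.5", "kind": "http", "detail": "GET /index.html", "is_attack": False},
    {"src": "10.0.0.7", "kind": "http", "detail": "GET /search?q=../../etc/passwd", "is_attack": True},
    {"src": "10.0.0.9", "kind": "auth", "detail": "login failed user=root", "is_attack": True},
    {"src": "10.0.0.9", "kind": "auth", "detail": "login failed user=root", "is_attack": True},
    {"src": "10.0.0.9", "kind": "auth", "detail": "login failed user=root", "is_attack": True},
    {"src": "10.0.0.9", "kind": "auth", "detail": "login failed user=root", "is_attack": True},
    {"src": "10.0.0.3", "kind": "auth", "detail": "login failed user=bob", "is_attack": False},  # a typo, not an attack
    {"src": "10.0.0.3", "kind": "auth", "detail": "login ok user=bob", "is_attack": False},
    {"src": "10.0.0.8", "kind": "http", "detail": "GET /docs/passwd-policy.html", "is_attack": False},  # noise
    {"src": "10.0.0.4", "kind": "http", "detail": "GET /admin?debug=1", "is_attack": True},  # no signature for it
]

# Signature rules: substrings whose presence in an HTTP request marks a
# known attack pattern. "passwd" is deliberately over-broad to show how a
# sloppy signature turns ordinary traffic into false positives.
SIGNATURES = ("../", "passwd")

# Anomaly rule: this many failed logins from one source is abnormal
# (assumed threshold for the example).
FAILED_LOGIN_THRESHOLD = 3


def signature_match(event):
    """True if an HTTP event contains any known-bad substring."""
    return event["kind"] == "http" and any(s in event["detail"] for s in SIGNATURES)


def run_ids(events):
    """Apply both rules in arrival order; return (event, alerted) pairs.

    Failed-login counts are kept per source address, so the first failures
    of a burst are not alerted on: that is where the false negatives come from."""
    failures = Counter()
    verdicts = []
    for ev in events:
        alerted = signature_match(ev)
        if ev["kind"] == "auth" and "failed" in ev["detail"]:
            failures[ev["src"]] += 1
            if failures[ev["src"]] >= FAILED_LOGIN_THRESHOLD:
                alerted = True
        verdicts.append((ev, alerted))
    return verdicts


def score(verdicts):
    """Tabulate TP/FP/FN/TN and the rates usually derived from them."""
    result = {"true_positive": 0, "false_positive": 0,
              "false_negative": 0, "true_negative": 0}
    for ev, alerted in verdicts:
        if alerted and ev["is_attack"]:
            result["true_positive"] += 1
        elif alerted and not ev["is_attack"]:
            result["false_positive"] += 1
        elif not alerted and ev["is_attack"]:
            result["false_negative"] += 1
        else:
            result["true_negative"] += 1
    tp, fp = result["true_positive"], result["false_positive"]
    fn, tn = result["false_negative"], result["true_negative"]
    # Precision: how many alarms were real. Recall: how many attacks were caught.
    # False positive rate: share of benign events that still raised an alarm.
    result["precision"] = tp / (tp + fp) if tp + fp else 0.0
    result["recall"] = tp / (tp + fn) if tp + fn else 0.0
    result["false_positive_rate"] = fp / (fp + tn) if fp + tn else 0.0
    return result


def evaluate(events=SAMPLE_EVENTS):
    """Run the toy IDS over the events and score it against the labels."""
    return score(run_ids(events))


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key:>20}: {value}")
```

On the constructed data the toy detector reaches 3 true positives, 1 false positive, 3 false negatives and 4 true negatives: the over-broad "passwd" signature is the source of the noise, and the threshold-based anomaly rule necessarily misses the first two failed logins of the burst as well as the request for which no signature exists. Tightening the signature or lowering the threshold moves events between these four buckets, which is exactly the trade-off the terminology above is meant to describe.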

The three major categories of IDS are:

 * 1) Network Intrusion Detection System (NIDS)
 * 2) Network Node Intrusion Detection System (NNIDS)
 * 3) Host Intrusion Detection System (HIDS)

Top 5 IDSs of 2010:

 * 1) SNORT
 * 2) OSSEC HIDS
 * 3) FRAGROUTE/FRAGROUTER
 * 4) BASE
 * 5) SGUIL

Abstract:
During the course of my research, it is indeed my mission to find evidence that supports the effectiveness or non-effectiveness of the IDS ideology. Also, I intend to answer questions such as: is IDS cost effective? Does IDS software really improve an organization's security and efficiency? If malicious activity is detected, who is alerted, and how fast or effective is the turnaround or damage control? Furthermore, how high is the error rate with old versus new software/devices, and how often should the software or devices be updated? How much employee and IT management training should there be on current and new software/devices? Should in-house IT management conduct the training, or should it be outsourced; if so, how much will it cost the company in additional expenses? Finally, the list of questions above is only a few of those which I intend to answer before concluding my research.
