An intrusion detection system (IDS) monitors the entire network to detect intruders, that is, unexpected, unwanted or unauthorized people or programs on the network. An intrusion detection system has a number of sensors that detect unwanted or unexpected network traffic. The major sensors are as follows:
o A sensor that monitors log files
o A sensor that monitors incoming or outgoing TCP connections
How Does an Intrusion Detection System Work?
An intrusion detection system works by collecting information and then examining it. The IDS collects data from its sensors and analyzes this data to notify the system administrator about malicious activity on the network.
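The collect-then-examine loop described above, as an added example that is not part of the original article: two sensors (one reading log lines, one reading TCP connection records) feed an analyzer that produces alerts for the administrator. The log format, the threshold, the allowed-port policy and all sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data (not from a real system); addresses are documentation ranges.
AUTH_LOG = """\
Mar  1 10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  1 10:00:03 host sshd[811]: Failed password for admin from 203.0.113.7 port 50124 ssh2
Mar  1 10:00:05 host sshd[811]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  1 10:02:11 host sshd[902]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Mar  1 10:03:40 host sshd[915]: Failed password for bob from 192.0.2.11 port 40100 ssh2
""".splitlines()

# Constructed records: (direction, local address, remote address, remote port)
TCP_CONNECTIONS = [
    ("out", "192.0.2.10", "198.51.100.5", 443),
    ("out", "192.0.2.10", "198.51.100.9", 6667),
    ("in", "192.0.2.10", "203.0.113.7", 22),
]

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ALLOWED_OUT_PORTS = {53, 80, 443}   # assumed site policy
FAILED_LOGIN_THRESHOLD = 3          # assumed alert threshold

def log_sensor(lines):
    """Sensor 1: extract failed-login events from log lines."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield {"type": "failed_login", "user": m.group(1), "src": m.group(2)}

def tcp_sensor(connections):
    """Sensor 2: report outgoing connections to ports outside the policy."""
    for direction, local, remote, port in connections:
        if direction == "out" and port not in ALLOWED_OUT_PORTS:
            yield {"type": "unexpected_out", "src": local, "dst": remote, "port": port}

def analyze(events):
    """Examine collected sensor events and return alerts for the administrator."""
    events = list(events)
    failures = Counter(e["src"] for e in events if e["type"] == "failed_login")
    alerts = [f"{n} failed logins from {src}" for src, n in failures.items()
              if n >= FAILED_LOGIN_THRESHOLD]
    alerts += [f"unexpected outgoing connection {e['src']} -> {e['dst']}:{e['port']}"
               for e in events if e["type"] == "unexpected_out"]
    return alerts

if __name__ == "__main__":
    for alert in analyze([*log_sensor(AUTH_LOG), *tcp_sensor(TCP_CONNECTIONS)]):
        print("ALERT:", alert)
```

The single failed login from 192.0.2.11 and the successful login stay below the threshold and raise no alert, which is the kind of tuning decision an administrator makes when automating the checks.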
o An intrusion detection system can be run manually, but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked.
o We can mainly categorize an IDS into two types:
A question remains: why use an IDS when there is a firewall to perform these tasks? A firewall is used to stop unwanted traffic from entering or leaving the internal enterprise network, while the IDS is deployed to monitor traffic in vital segments of the network, generating alerts when an intrusion is detected.
A firewall has holes to let things through: without them, you wouldn't be able to access the Internet or send or receive emails. There are also different ways to bypass or cheat a firewall.
Snort is an excellent open source network intrusion detection system. OSSEC is an open source host-based intrusion detection system.