IDS/IDP: Intrusion Detection Systems and Intrusion Prevention Systems
IDS/IDP are the next level of security beyond the basis of a firewall. IDS/IDP systems are proactive automated systems to monitor data traffic on a specific network and based on defined rules/policies alert administrators of possible intrusions, misuse or defined malicious situations.
IDS/IDP are based on two types of systems (Host based systems and Network Based Systems)
Host Based IDS/IDP - reside on a particular server that contains sensitive information. If anything on this server (that is defined) is changed the host-based system alerts the administrator of possible malicious activity.
Network Based IDS/IDP - resides on a particular segment of the network. This system monitors all traffic on this network. This system looks for anomalies, signatures and pattern/trends on the network. These systems can work directly with the firewall to control access or work independently of the firewall. Network Based IDS/IDP sensors alert administrators when the particular policies/rules are broken in the network.
Real World examples: Host Based System would be a heat sensor around a piece of jewelry. Network based systems would be the motion sensors and video camera around/in the building of the jewelry.
IDS/IDP solutions are for companies that are extremely concerned with security or data sensitvity. The IDS/IDP solutions can provide excellent forensic accounting for data misuse (HIPAA and GLB requirements), track compromised networks, proactively alert of defined break in attempts, and basically alert an administrator so that they can take a proactive approach to stopping a potential threat.
IDS/IDP solutions are extremely difficult to install/manage correctly. IDS/IDP solution when installed incorrectly will flood an administrator with alerts. (Similar to a car alarm - no one will pay attention to a car alarm if it continually goes off all the time.) Tuning the IDS/IDP solution is an art form and takes a very skilled engineer. Incorrect network installations on IDS/IDP solutions can actually expose the network to many additional threats if not completed properly.
To have an IDS/IDP expert assess your current security needs, please contact us for more information.
