Intrusion Detection Systems - Week 5

Intrusion Detection Systems - Week 5

Intrusion Detection Systems are designed to detect an alert individuals of malicious activities or attacks, IDS's come in two main forms; host-based IDS and network-based IDS. 

Intrusion detection systems have sensors to detect security breaches, logs to record said events and a management console where you can configure the systems, view the logs to spot suspicious activities or just blacklist unauthorised connections. 

Host-based IDS works on individual devices (hosts) within your network, acting as personal detectives for each device. They monitor activities on a specific device, looking for anything unusual or suspicious.

Network-based IDS, on the other hand, acts as a neighbourhood watch for your entire network. It watches the traffic flowing through your network, identifying patterns or known attack signatures.

                                                                    Host based IDS

                                                            Network Based IDS

Access control determines who is allowed in your network and what actions they can perform, it restricts access to only authorised users. Auditing in the other hand records every action taken by a user within the system. This allows you to detect any unusual or suspicious activities.

                                                                    Access Control

                                                                        Auditing

In conclusion, Intrusion Detection Systems and Access controls with Auditing are crucial components of network and computer system security. They work hand in hand to provide a layered defence, detecting and preventing intrusions while ensuring that authorised users can work securely within the system.