10 Components Of Intrusion Detection System


In my previous articles, I discussed some of the facts that you need to know about Intrusion Detection Systems and firewall implementations. In this article, I want to talk about ten major components of an Intrusion Detection System (IDS). Follow along as we look at them together.

10 Components Of Intrusion Detection Systems

First and foremost, regardless of the Intrusion Detection System that you select, all of them have certain components in common. As a network security expert, it is important to have a general understanding of these components.

These are some of the basics that you should understand about Intrusion Detection Systems…

  1. An activity is an element of a data source that is of interest to the operator. 
  2. The administrator is the person responsible for an organisation’s network security. 
  3. A sensor is the IDS component that collects data and passes it to the analyser for analysis. 
  4. The analyser is the component or process that analyses the data collected by the sensor.
  5. An Alert is a message from the analyser indicating that an event of interest has occurred. 
  6. The Manager is the part of the IDS that is used to manage a console. 
  7. Notification is the process or method by which the IDS Manager makes the operator aware of an alert. 
  8. The Operator is the person primarily responsible for the IDS. This is often the administrator. 
  9. An event is an occurrence that indicates suspicious activity might occur. 
  10. The Data source is the raw notification that the IDS uses to detect suspicious activities. 

 

Beyond these basic components, an IDS can be classified either by how it responds to detected anomalies or by how it is deployed. An active IDS, now called an Intrusion Prevention System (IPS), will stop any traffic deemed to be malicious.

 

A passive IDS simply logs the activity and perhaps alerts the administrator. The problem with an IPS is the possibility of false positives: an activity can appear to be an attack when, in fact, it is not. You can also define an IDS/IPS based on whether a single machine or an entire network segment is monitored. If it is a single machine, then it is called a Host-Based Intrusion Detection System.

 

If it is a network segment, it is called a Network-Based Intrusion Detection System or a Network-Based Intrusion Prevention System.
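The components listed above, wired into a minimal host-based pipeline and run in both passive and active mode, as an added example that is not part of the original article. The log lines, the three-failure threshold and the function names are assumptions constructed for illustration; 198.51.100.9 stands in for a legitimate user mistyping a password (a false positive), which passive mode only reports while active mode blocks.

```python
import re
from collections import Counter

# Data source: constructed sshd-style log lines (sample data, not from a real host).
DATA_SOURCE = [
    "Jan 10 09:00:01 web1 sshd[411]: Failed password for root from 203.0.113.7 port 4001",
    "Jan 10 09:00:02 web1 sshd[411]: Failed password for root from 203.0.113.7 port 4002",
    "Jan 10 09:00:03 web1 sshd[411]: Failed password for admin from 203.0.113.7 port 4003",
    "Jan 10 09:00:09 web1 sshd[412]: Accepted password for alice from 198.51.100.4 port 5000",
    "Jan 10 09:01:00 web1 sshd[413]: Failed password for bob from 198.51.100.9 port 5100",
    "Jan 10 09:01:05 web1 sshd[413]: Failed password for bob from 198.51.100.9 port 5101",
    "Jan 10 09:01:09 web1 sshd[413]: Failed password for bob from 198.51.100.9 port 5102",
]
FAILED = re.compile(r"Failed password for (\S+) from (\S+)")

def sensor(lines):
    """Sensor: collect activities of interest and pass them to the analyser."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield {"user": m.group(1), "src": m.group(2)}

def analyser(activities, threshold=3):
    """Analyser: raise an alert for each source that reaches the threshold."""
    counts = Counter(a["src"] for a in activities)
    return [{"src": s, "failures": n} for s, n in sorted(counts.items()) if n >= threshold]

def manager(alerts, active=False):
    """Manager: notify the operator; in active (IPS) mode also block the source."""
    notifications, blocked = [], set()
    for alert in alerts:
        notifications.append(f"ALERT {alert['src']}: {alert['failures']} failed logins")
        if active:
            blocked.add(alert["src"])  # a false positive here locks out a real user
    return notifications, blocked

def run(active):
    """Data source -> sensor -> analyser -> manager, in passive or active mode."""
    return manager(analyser(sensor(DATA_SOURCE)), active=active)

if __name__ == "__main__":
    for mode in (False, True):
        notes, blocked = run(mode)
        print("active" if mode else "passive", notes, sorted(blocked))
```

Both modes produce the same two alerts; only the active run returns a block list, and that list includes the mistyping user's address.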

 
