
Intrusion Detection Systems

Mar 25, 2010 by alperen



Since I am pointing out some important safeguards for your WLAN, this
is the place for a brief introduction to the intrusion detection system.
There are a number of commercial solutions that use rules-based technology
to determine “automatically” if someone is trying to hack your
wireless network, while others have “real” human beings study your logs
for suspicious activity.

An intrusion detection system (IDS) inspects all inbound and outbound
network activity and identifies any suspicious activity that indicates
a network or system attack from a hacker trying to breach your WLAN.

Primary types of IDS, as shown in Figure 1.2, include:
• Pattern detection—An IDS analyzes the information it collects and
compares it to large databases of attack signatures. The IDS looks for
a specific attack pattern that has already been documented. This type
of detection software is only as good as the database of hacker attack
signatures that it compares packets against. The system administrator
can also designate anomalies that stray from the network’s normal
traffic load, breakdown, protocol, and typical packet size. The
IDS monitors network segments, compares their state to the
normal baseline, and looks for anomalies that match a specified pattern
of attack.
• NIDS and HIDS—Network- and host-based intrusion detection systems
analyze individual packets flowing through a network. NIDS can
detect malicious packets that get past your firewall filtering rules.
Host-based systems examine the activity on each individual computer
or host.
• Passive and reactive systems—The passive-system IDS detects a
potential security breach, logs the information, and sends an alert.
The reactive-system IDS responds to the suspicious activity by logging
off a user or by reprogramming the firewall to block network
traffic from the suspected hacker.
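
The distinctions in the list above, as an added example that is not part of the original article: signature matching and baseline comparison applied to each packet, with the same traffic handled once passively and once reactively. The signature names, sample packets, baseline sizes and the three-standard-deviation threshold are all constructed assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Constructed signature database: name -> byte pattern searched for in payloads.
SIGNATURES = {
    "path-traversal": b"../../",
    "sql-injection": b"' OR '1'='1",
}

@dataclass
class Packet:
    src: str        # source address
    size: int       # size on the wire, in bytes
    payload: bytes

@dataclass
class IDS:
    baseline_sizes: list      # packet sizes recorded during normal operation
    reactive: bool = False    # False = passive system (log and alert only)
    threshold: float = 3.0    # allowed deviation from baseline, in std devs
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)

    def inspect(self, pkt):
        """Return the findings for one packet and record any alert."""
        if pkt.src in self.blocked:
            return ["dropped"]            # an earlier reactive block applies
        # Pattern detection: compare the payload to every known signature.
        findings = [n for n, pat in SIGNATURES.items() if pat in pkt.payload]
        # Baseline comparison: flag sizes far from the normal packet size.
        mu, sigma = mean(self.baseline_sizes), pstdev(self.baseline_sizes)
        if sigma and abs(pkt.size - mu) / sigma > self.threshold:
            findings.append("size-anomaly")
        if findings:
            self.alerts.append((pkt.src, findings))   # passive: log and alert
            if self.reactive:
                self.blocked.add(pkt.src)             # reactive: block source
        return findings

def run(packets, reactive):
    """Feed packets through a fresh IDS; return per-packet findings and the IDS."""
    ids = IDS(baseline_sizes=[480, 512, 500, 530, 495, 510], reactive=reactive)
    return [ids.inspect(p) for p in packets], ids

# Constructed sample traffic (addresses from the RFC 5737 documentation range).
SAMPLE = [
    Packet("192.0.2.10", 505, b"GET /index.html"),
    Packet("192.0.2.66", 498, b"GET /../../etc/passwd"),
    Packet("192.0.2.66", 502, b"GET /index.html"),
    Packet("192.0.2.77", 9000, b"A" * 32),
]
```

In passive mode the second packet from 192.0.2.66 is still inspected and passes; in reactive mode it is dropped because the source was blocked after its first alert.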

Each IDS differs from a firewall in that a firewall looks out for intrusions
in order to stop attacks from occurring. The firewall restricts the
access between networks in order to stop an intrusion; however, it does
not usually catch an attack from inside the network. An IDS, however,
examines the suspected intrusion once it has taken place and sends an
alert. Note that an IDS also looks for attacks that originate from within
a system. This can easily occur when a wireless network user appears to
be an “internal user” of your wireless network and is therefore hard to
distinguish from a legitimate user.


