What is an Intrusion Detection System (IDS)?

What is an Intrusion Detection System (IDS)?

An Intrusion Detection System (IDS) is a system for detecting misuse of network or computer resources.

An IDS will have a number of sensors it utilizes to detect intrusions. Example sensors may be:

* A sensor to monitor TCP connection requests.
* Log file monitors.
* File integrity checkers.

The IDS system is responsible for collecting data from it's sensors and analyzing this data to give the security administrator notice of malicious activity on the network.

IDS technologies are commonly divided into NIDS (Network Intrusion Detection Systems) and HIDS (Host Intrusion Detection Systems).

Newer NIDS also attempt to act as NIPS (Network Intrusion Prevention Systems).

Snort is an excellent open source Network Intrusion Detection System