What are Intrusion Detection Systems?

Intrusion Detection Systems (IDS) are becoming a very important part of any strategy for enterprise security. But what are intrusion detection systems? CERIAS, the Center for Education and Research in Information Assurance and Security, defines them this way:

"The purpose of an intrusion detection system (or IDS) is to detect unauthorized access or misuse of a computer system. Intrusion detection systems are kind of like burglar alarms for computers. They sound alarms and sometimes even take corrective action when an intruder or abuser is detected. Many different intrusion detection systems have been developed, but the detection schemes generally fall into one of two categories, anomaly detection or misuse detection. Anomaly detectors look for behavior that deviates from normal system use. Misuse detectors look for behavior that matches a known attack scenario. A great deal of time and effort has been invested in intrusion detection, and this list provides links to many sites that discuss some of these efforts." (

There is a sub-category of intrusion detection systems called network intrusion detection systems (NIDS). These systems monitor network packets, looking for suspicious activity. Network intrusion detection systems can monitor many computers at a time over a network, while other intrusion detection systems may monitor only one host.

Who wants to break into your system?

One common misconception about hackers is that it is usually people outside your network who break into your systems and cause mayhem. The reality, especially for corporate workers, is that insiders can and usually do cause the majority of security breaches. Insiders often impersonate people with more privileges than themselves to gain access to sensitive information.

How do intruders break into your system?

The simplest and easiest way to break in is to let someone have physical access to a system. Despite the best of efforts, it is often impossible to stop someone once they have physical access to a machine. Also, if someone already has an account on a system at a low permission level, another way to break in is to use tricks of the trade to be granted higher-level privileges through holes in your system. Finally, there are a lot of ways to gain access to systems even when working remotely. Remote intrusion techniques have become harder and more complex to fight.

How does one stop intrusions?

There are several freeware/shareware intrusion detection systems as well as commercial intrusion detection systems.

Open Source Intrusion Detection Systems

Below are a few of the open source intrusion detection systems:

AIDE ( - Self-described as "AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more. There are other free replacements available, so why build a new one? All the other replacements do not achieve the level of Tripwire. And I wanted a program that would exceed the limitations of Tripwire."

File System Saint ( - Self-described as "File System Saint is a lightweight host-based intrusion detection system with a primary focus on speed and ease of use."

Snort ( - Self-described as "Snort(R) is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry."
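The two detection schemes named in the CERIAS definition above, misuse detection and anomaly detection, side by side as an added example that is not part of the original page or of any of the listed tools. The log lines, the log format and the "failures then success" signature are constructed for illustration; the anomaly detector learns each user's usual source addresses and login hours from known-good events and flags successful logins that deviate from them.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth events (not from any real system): user, result, source, HH:MM.
LOG_LINES = [
    "alice login ok from 10.0.0.5 at 09:12",
    "alice login ok from 10.0.0.5 at 10:03",
    "bob login ok from 10.0.0.7 at 11:30",
    "alice login ok from 10.0.0.5 at 14:20",
    "bob login failed from 198.51.100.9 at 02:14",
    "bob login failed from 198.51.100.9 at 02:15",
    "bob login failed from 198.51.100.9 at 02:16",
    "bob login ok from 198.51.100.9 at 02:17",
    "alice login ok from 203.0.113.4 at 03:40",
]
LINE_RE = re.compile(r"^(\w+) login (ok|failed) from ([\d.]+) at (\d\d):\d\d$")

def parse(lines):
    # Yield (user, result, src, hour) for every line that matches the constructed format.
    for m in filter(None, map(LINE_RE.match, lines)):
        user, result, src, hour = m.groups()
        yield user, result, src, int(hour)

def misuse_detect(lines, threshold=3):
    # Misuse detection: match a known attack scenario, here a burst of failed
    # logins from one source followed by a success from that same source.
    failures, alerts = Counter(), []
    for user, result, src, _ in parse(lines):
        if result == "failed":
            failures[(user, src)] += 1
        elif failures[(user, src)] >= threshold:
            alerts.append(f"misuse: {user} ok from {src} after {failures[(user, src)]} failures")
    return alerts

def anomaly_detect(baseline, lines):
    # Anomaly detection: learn each user's usual sources and login-hour range
    # from known-good baseline events, then flag later successes that deviate.
    srcs, hours = defaultdict(set), defaultdict(list)
    for user, result, src, hour in parse(baseline):
        if result == "ok":
            srcs[user].add(src)
            hours[user].append(hour)
    alerts = []
    for user, result, src, hour in parse(lines):
        if result != "ok" or user not in hours:
            continue  # failures belong to the misuse detector; no baseline, no verdict
        if src not in srcs[user] or not min(hours[user]) <= hour <= max(hours[user]):
            alerts.append(f"anomaly: {user} ok from {src} at {hour:02d}h deviates from baseline")
    return alerts
```

Run against the sample, the misuse detector catches only bob's success after three failures, while the anomaly detector also catches alice's off-hours login from an unfamiliar address, which matches no known signature; this is why the two schemes are usually deployed together.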