Intrusion Detection Systems

In 1980, James Anderson's article, Computer Security Threat Monitoring and Surveillance, introduced the concept of intrusion detection. Through government funding and serious corporate interest, intrusion detection systems (IDS) have developed to their current state.

So what exactly is an IDS? An IDS detects malicious network traffic and computer usage by matching them against attack signatures. The IDS monitors not only attacks arriving in incoming Internet traffic, but also attacks that originate inside the system. When a potential attack is detected, the IDS records the information and sends an alert to the console. How the alert is detected and handled depends on the type of IDS in place. In this document we will discuss the different types of IDS and how they detect and handle alerts, the difference between a passive and a reactive system, and some general IDS evasion techniques.

First of all, let's see what the difference is between a passive IDS and a reactive IDS. In a passive IDS the sensor detects a potential threat, then records the information and sends an alert to the console. With a reactive IDS, also known as an intrusion prevention system (IPS), the threat is detected and logged, and then the reactive IDS resets the connection or reprograms the firewall to block network traffic from the suspected source; this response can be automatic or under an operator's control. Therefore a reactive system acts in response to the threat, while a passive system simply records it and sends an alert to the console informing the operator of the threat.

There are many types of intrusion detection systems: network intrusion detection, host-based, protocol based, application protocol based...... middle of paper ......the real attack. Utilities like stick and snot are designed to send a large number of attack signatures across a network to generate a large number of IDS alerts.
However, this only works against IDSs that do not maintain application protocol context.

As you can see from the numerous ways to bypass intrusion detection systems, as with any network security system, there is no one-stop security solution. Even so, there will always be a need for intrusion detection systems. The best solution is a combination of network-based and host-based IDS, in other words a hybrid IDS. This gives you the benefits of both worlds of IDS and allows for greater security. Whatever your opinion on which solution is right for you, intrusion detection systems are here to stay and are a valuable tool for network security.

Resources

http://www.securityfocus.com/infocus/1514
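As an added example (not part of the original essay), the passive-versus-reactive distinction and the stick/snot alert flood described above are modelled below in Python. The signature patterns, addresses and traffic are constructed for illustration, and the reactive mode's block list stands in for a firewall rule; the console view shows why grouping alerts per source keeps a single real probe visible inside a storm of decoy signatures.

```python
from collections import defaultdict
from dataclasses import dataclass, field
# Constructed signature set (hypothetical patterns, for illustration only).
SIGNATURES = {
    b"/cgi-bin/phf": "cgi-phf-probe",
    b"../..": "dir-traversal",
    b"SELECT * FROM": "sql-probe",
}

@dataclass
class IDS:
    reactive: bool = False      # False: passive (log + alert); True: IPS-style response
    flood_threshold: int = 5    # alerts from one source before the console summarises them
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)   # stands in for firewall block rules

    def inspect(self, src, payload):
        """Match one payload against the signature set; return the alert names raised."""
        raised = [name for pat, name in SIGNATURES.items() if pat in payload]
        for name in raised:
            self.alerts.append((src, name))          # both modes record the alert
            if self.reactive:
                self.blocked.add(src)                # reactive mode also blocks the source
        return raised

    def console_view(self):
        """Group alerts per source so a stick/snot-style storm collapses to one line."""
        by_src = defaultdict(list)
        for src, name in self.alerts:
            by_src[src].append(name)
        lines = []
        for src, names in by_src.items():
            if len(names) >= self.flood_threshold:
                lines.append(f"{src}: {len(names)} alerts ({len(set(names))} distinct) - possible alert flood")
            else:
                lines.extend(f"{src}: {n}" for n in names)
        return lines

# Constructed traffic: a decoy flood from one source alongside a single real probe.
SAMPLE_TRAFFIC = (
    [("10.0.0.9", b"GET /cgi-bin/phf HTTP/1.0")] * 6
    + [("10.0.0.9", b"GET /../../etc/passwd HTTP/1.0")] * 3
    + [("192.0.2.7", b"GET /q?s=SELECT * FROM users HTTP/1.0")]
)

def run(reactive=False):
    """Feed the constructed traffic through one IDS instance and return it for inspection."""
    ids = IDS(reactive=reactive)
    for src, payload in SAMPLE_TRAFFIC:
        ids.inspect(src, payload)
    return ids
```

In passive mode `run().console_view()` yields one summary line for the flooding source and one ordinary alert line for the other source; in reactive mode both sources end up in the block list, which is the reason the essay notes that automatic responses may be better left under an operator's control.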