Acronym Monday: IDS
By: Erich Maas
Today’s Acronym Monday is brought to you by the acronym IDS and also National Cyber Security Awareness Month.
Last week, we talked a lot about firewalls. This week, we’re looking at the similar acronym IDS, which stands for intrusion detection system.
What is an Intrusion Detection System?
If you followed our discussion about web application firewalls last week, you will have learned that firewalls detect unauthorized internet traffic that’s trying to gain access to something, whether that’s a server or your personal computer or a network, and block the traffic. An IDS is another security feature that helps block unauthorized access, but in a different way.
An intrusion detection system detects and alerts you to unauthorized intruders that have already gained access to a device or network. It’s sort of like a motion detection security system. It detects intruders after they are inside and alerts the authorities, at which point action can be taken to remove the intruder.
Similar to an intrusion detection system, there are intrusion prevention systems (IPS). These do all the same things that an IDS does, but they also are able to block the detected traffic and remove it. A physical example would be a watchdog. When there are intruders, the dog will bark, and it could even attack them and remove them.
Problems with Intrusion Detection Systems
While these can be extremely helpful with the right configurations and with the right equipment or software, they can have some problems that make them not worthwhile.
For example, these systems tend to have lots of false alarms. Think of it like your home’s motion detector mistaking a bug flying past it for a burglar and calling the police. If your house gets a lot of bugs and the alarm starts going off every day, you might start ignoring it every time it happens, even when there’s a real burglary. There are certain IDSs that have fewer false alarms than others and there are ways to deploy them to help minimize them, but keep in mind that false alarms are a huge issue with these systems.
Improper maintenance can play a huge role in how effective an IDS is. If it isn’t updated regularly, it might start missing some attacks, as the techniques of attackers are constantly changing and evolving. Your IDS needs to evolve with these attacks, or it becomes basically useless, a cybersecurity paperweight.
If your network isn’t sufficiently secured to begin with, like you don’t have a password set for example, the IDS won’t be able to tell which traffic is legitimate and which is an attack.
Are intrusion detection systems perfect? No. But if used correctly, can they help bolster the security of your system? Absolutely they can.