January 5th, 2004, 05:06 AM
what do IDS's do ?
Anyone know what IDS's really do ?
I'd be really greatful for any information about how they work and why they are are important (if they are). Any advise for good window's IDS's would be cool too !
Thanks in advance
January 5th, 2004, 05:10 AM
January 5th, 2004, 05:23 AM
January 5th, 2004, 05:29 AM
Theres a tutorial by qod about intrusion detection systems -
A IDS system pretty much, looks at all the packets going into your computer. If the IDS thinks that theres something suspicious about a packet, it makes a log and gives you a alert. You give this log to your ISP (or their ISP) and let them decide.
People use this with a firewall because if someone manages to get into your computer, they can delete your firewall logs and whatever evidence there is on your computer. The IDS' existence is usually hard to notice, so the logs cant be found. Some IDS email you the log.
January 5th, 2004, 05:30 AM
Not a problem hope it answers all your questions you may have about it.
January 27th, 2004, 02:54 AM
OMG that was a great link, I dont mind doing research but it can be a relief to find more than one answer on the same page. Thanks a lot
January 27th, 2004, 09:34 AM
nice link I had been thinking about running an ids becuse I recently set up a wireless network in my house I think I will have to move it up on my list of things to do.
can you recomend any good IDS programs that you have experience with?
[Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above
January 27th, 2004, 09:58 AM
Although not a expert at IDS.. let me share some info I know abt IDS....
IDS works like a closed circuit camera.. It os capable of monitoring the traffic that passes through its lens..... IDS aim to detect computer attacks , computer misuse and to alert the proper individuals upon detection through mails, alerts, sms etc.
The placement of IDS is very critical ...... Some people prefer installing it after the firewall.... personally I believe in this.. while others advocate installing of IDS before the firewall......
Network Based IDS ...... Monitors the data that passes over the network.. basically it monitors all the traffic entering the network or generating from the network (assumption is that IDS is properly placed to monitor the above activities)...
Host based IDS similiarly monitor activities on a specific host.....
Problems with any type of IDS implementation is False Positives......... where legitimate network traffic are marked as intrusions...
Two commonly used techniques to detect intrusions are Signature based and anomaly based ....
While signature would compare the packet with current intrusion signatures.. anomaly aims at identifying normal usage patterns... anything which deviates from normal usage pattern is termed as intrusion....
It has been discussed many times on this board bvut for convinience of users...... some of the IDS for home users are
****** Any man who knows all the answers most likely misunderstood the questions *****