
Intrusion detection software

What is intrusion detection software?


An intrusion detection system, also known as an IDS, is software and/or hardware designed to detect unwanted attempts to access, manipulate and/or disable computer systems, usually through a network, which is often the Internet.

Ways to categorize an IDS?
·   misuse detection vs. anomaly detection: in misuse detection, the IDS examines the information it collects and compares it against large databases of attack signatures. Basically, the IDS searches for a specific attack that has already been recorded. Like a virus detection system, misuse detection software is only as efficient as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network’s traffic load, breakdown, protocol, and typical packet size. The IDS then monitors the network and flags traffic that deviates from that baseline.

·   network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are examined. The NIDS can find malicious packets that are designed to be overlooked by a firewall’s unsophisticated filtering rules. In a host-based system, the IDS observes the activity on each individual computer.

·   passive system vs. reactive system: in a passive system, the IDS senses a possible security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.
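
The categories above can be seen side by side in a small sketch. This is an added example, not part of the original page: the signature set, the baseline traffic, the inspected packets and every function name are constructed for illustration. It runs misuse detection and anomaly detection over the same packets, then compares passive and reactive handling.

```python
import re
import statistics
from collections import namedtuple

Packet = namedtuple("Packet", "src proto size payload")

# Constructed stand-in for an attack-signature database.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}
# Constructed "normal" traffic the administrator uses to define the baseline.
NORMAL = [Packet("10.0.0.5", "tcp", s, "GET /index.html")
          for s in (480, 510, 495, 520, 505, 490)]
# Constructed traffic to inspect (documentation-range addresses).
TRAFFIC = [
    Packet("10.0.0.7", "tcp", 500, "GET /index.html"),
    Packet("203.0.113.9", "tcp", 505, "GET /../../etc/passwd"),
    Packet("198.51.100.4", "udp", 9000, "opaque binary data"),
    Packet("203.0.113.9", "tcp", 502, "GET /?id=1 UNION SELECT 1"),
]

def build_baseline(packets):
    """Summarise normal traffic: protocols seen and typical packet size."""
    sizes = [p.size for p in packets]
    return {"protocols": {p.proto for p in packets},
            "mean": statistics.mean(sizes), "stdev": statistics.stdev(sizes)}

def misuse_alerts(packet):
    """Misuse detection: only finds attacks already in the signature set."""
    return [name for name, rx in SIGNATURES.items() if rx.search(packet.payload)]

def anomaly_alerts(packet, baseline, k=3.0):
    """Anomaly detection: flags deviation from the baseline, known attack or not."""
    alerts = []
    if packet.proto not in baseline["protocols"]:
        alerts.append("unusual-protocol")
    if abs(packet.size - baseline["mean"]) > k * baseline["stdev"]:
        alerts.append("unusual-size")
    return alerts

def inspect(packets, baseline, reactive=False):
    """Passive: log alerts only. Reactive: also block the alerting source."""
    log, blocked = [], set()
    for p in packets:
        if p.src in blocked:
            continue  # reactive mode already cut this source off
        alerts = misuse_alerts(p) + anomaly_alerts(p, baseline)
        if alerts:
            log.append((p.src, alerts))
            if reactive:
                blocked.add(p.src)
    return log, blocked
```

The third packet matches no signature and is caught only by the baseline check, while the last packet is logged in passive mode but never inspected in reactive mode because its source was already blocked.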

What is it used for?


The system is used to identify several types of malicious behavior that can compromise the security and trust of a computer system. It scrutinizes everything coming into or going out of a given network. This includes network attacks against weak services, data-driven attacks on applications, illegal logins, access to sensitive files, and viruses.


How do they do it?


In order to obtain personal passwords, hackers often use the art of social engineering, or tricking people into revealing information that can aid the attacker in gaining access to your system. They often make phone calls pretending to be from an Information Technology department or Human Resources to gain trust. This practice is also known as phishing, and can be done through e-mails or phone calls.


How to prevent it?


Organizations and businesses must enable employees, customers and partners to access information electronically in a safe and secure manner. The biggest issue surrounding information security is not technical or operational, but a people issue. Over 1/3 of security incidents originate within the organization, either by accident or, sometimes, on purpose.


Plans covering security policies and procedures need to be created and instilled in employees. If everything is written out, employees can refer to the guide to find out what they can or cannot do. Firewalls can also be set up to protect a network by analyzing information before it leaves or enters the network.


There are five steps to creating an information security plan:


  1. Develop the information security policies.
  2. Communicate the information security policies.
  3. Identify critical information assets and risks.
  4. Test and reevaluate risks.
  5. Obtain stakeholder support.

Intruding into an organization's or business's network is unethical and wrong. People who hack into networks lack proper business ethics, and if intrusion detection software does not prevent them from entering a network, they should be caught and prosecuted.