• United States



by CSO Contributor

Intrusion Detection System

Mar 19, 20031 min
CSO and CISOData and Information Security

Comprehensive security software that identifies and records all attempts to compromise a network. In its simplest form, an intrusion detection system identifies and records potential security threatssuch as someone scanning server ports or making repeated attempts to log in using random passwords.

A network-based IDS relies on network sensors that monitor packets as they go by. Typically, a network-based IDS comprises sensors at network entry points (alongside a firewall, for instance) or at the boundaries between subnets with different security levels (such as between your LAN and your data center).

A host-based IDS, by contrast, monitors activity on specific servers or mainframe hosts by keeping an eye on the integrity of critical files, or by monitoring specific operating system events (such as suspicious error messages or unusual server processes).