Essay on Intrusion Detection and Prevention System (IDPS)

Published: 2021/11/15
Number of words: 823

Intrusion detection is the practice of setting up software and devices to detect intruders and outsiders on a network. The detection system's primary role is to identify and alert on any impending danger, supporting the isolation procedure and preventing damage to the system. An IDS differs from a firewall because it checks for attacks inside the system, while the firewall blocks threats from entering the system. An IDS functions by identifying a threat but cannot weed out the threat from the system.

The network intrusion detection system (NIDS) is an independent platform that works by checking network traffic and the network hosts for any threat. NIDS are located at the data choke points and at the network border connecting to the network hubs. The function of a network intrusion detection system is to check the network traffic and the individual packets for any malicious content that may harm the system (Park, 2018). A properly installed and well-maintained NIDS can monitor the network traffic without affecting the system's performance; it does not add to the size of the network traffic and therefore does not influence the network's availability to users.

The second intrusion detection system is the host-based intrusion detection system (HIDS). HIDS is located on the host systems and functions by detecting malicious software and unwanted activities that bypass system calls, files, and application logs. HIDS functions by comparing log-in attempts against the system with known brute force attack patterns, determining any illegal attempts to bypass the system security (Chawla, 2018). HIDS differs from NIDS because it detects local attacks on the host and detects what NIDS may have missed. HIDS has the advantage of detecting and preventing software security breaches such as Trojan horses. HIDS works well in an encrypted network; therefore, it protects sensitive information such as intellectual property.

A perimeter intrusion detection system (PIDS) functions by detecting attacks or any intrusion attempts on the outer wall of the system infrastructure, for example, the central server. The infrastructure of PIDS includes an electronic fiber optic device located on the fence of the central server. PIDS, being at the periphery, detects any form of disturbance or attempted access into the system before triggering an alarm to the user. PIDS acts as an early warning of any intrusion into the system and provides the first defense mechanism against any form of trespass. PIDS has a low cost impact on the user because the user fits it onto the system as an outer layer without influencing other parts of the system.

The virtual-based intrusion detection system (VIDS) combines any of the other intrusion detection systems. The system's users deploy the virtual-based intrusion detection system remotely through a virtual machine (Zhang, 2018). VIDS is the newest form of intrusion detection system, still under maintenance and improvement, and currently the most used by information technology service providers. The other intrusion detection systems are more intrusive than VMIDS, which the vendor can deploy virtually. The main disadvantage of the virtual-based intrusion detection system is interruption in the event of a slow internet connection.

VIDS has an advantage over the rest of the intrusion detection and prevention systems because it is not embedded in hardware and is therefore movable from one server to another while running. VIDS provides for the secure maintenance of hardware and load balancing, leading to low resource consumption. The security provided by the VMIDS offers an advantage over the traditional operating system because it is hard to attack (Park, 2018). The actions performed in a virtual environment can be hard to hide, and the users can remotely inspect the machine state. On security issues, VMIDS can notify users of any impending attacks when certain events try to bypass a system's security.

As the chief information security officer, I would recommend a virtual-based intrusion detection system because it combines the rest of the intrusion systems. The VIDS process occurs virtually. Therefore, users can perform any system security checks online and receive any update on a security breach.

References

Park, K., Song, Y., & Cheong, Y. G. (2018, March). Classification of attack types for intrusion detection systems using a machine learning algorithm. In 2018 IEEE fourth international conference on big data computing service and applications (BigDataService) (pp. 282-286). IEEE.

https://ieeexplore.ieee.org/abstract/document/8405725/

Chawla, A., Lee, B., Fallon, S., & Jacob, P. (2018, September). Host based intrusion detection system with combined CNN/RNN model. In Joint European Conference on Machine Learning and Knowledge Discovery in Databases (pp. 149-158). Springer, Cham.

https://link.springer.com/chapter/10.1007/978-3-030-13453-2_12

Zhang, R., & Xiao, X. (2018). Study of danger-theory-based intrusion detection technology in virtual machines of cloud computing environment. Journal of Information Processing Systems, 14(1), 239-251.

https://www.koreascience.or.kr/article/JAKO201810256452427.page