Welcome to #WeekendWisdom number 49. This week we’re going to talk about Intrusion Detection Systems.
What are intrusion detection systems?
An intrusion detection system, or IDS, is either a device or a piece of software that sits on the network and analyses the data that flows across it. It looks for signs of an intruder, such as hackers, or of a piece of software that is doing something malicious on the network.
How does an IDS work?
An IDS can detect these using techniques similar to those of an anti-virus application: it looks for a signature. For example, a specific type of malicious software sitting on the network might be extracting data from your network. That has a certain behaviour, and it might have a certain signature that the IDS can pick up on.
Similarly, using techniques like machine learning an IDS might be able to look for anomalous behaviour. So if a database server is suddenly sending lots of data to another host or outside the network unexpectedly, that anomalous behaviour could be detected by the IDS and reported on.
There are also other devices, called honeypots, which can enhance an IDS. A honeypot will look like a very, very vulnerable device, maybe a vulnerable email server. If hackers scan that honeypot and try to penetrate it, that will trigger an alert, because nothing should be scanning that device.
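The three detection approaches described above (a signature match, anomalous data volume from a database server, and contact with a honeypot), as an added Python example that is not part of the original post. The addresses, the byte pattern and the traffic history are constructed, and a simple statistical baseline stands in for the machine learning mentioned above.

```python
import ipaddress
from statistics import mean, stdev

# Every value below is constructed for illustration (assumptions, not real rules).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
HONEYPOT = "10.0.0.99"                          # assumed decoy email server
SIGNATURES = {"sig-001": b"EXFIL-BEACON"}       # made-up byte pattern
# Bytes per hour previously sent by the database server 10.0.0.20
BASELINE = {"10.0.0.20": [1200, 1500, 1100, 1300, 1400, 1250]}

# Constructed flow records: (source, destination, bytes sent, payload sample)
FLOWS = [
    ("10.0.0.5", "10.0.0.20", 900, b"SELECT name FROM users"),
    ("10.0.0.7", "203.0.113.10", 300, b"hdr EXFIL-BEACON id=7"),
    ("10.0.0.20", "198.51.100.4", 250000, b"\x00\x01\x02"),
    ("10.0.0.8", "10.0.0.99", 60, b"EHLO probe"),
]

def inspect(flow, threshold=3.0):
    """Return the list of alerts raised by one flow record."""
    src, dst, nbytes, payload = flow
    alerts = []
    # Signature detection: a known byte pattern appears in the payload.
    for sig_id, pattern in SIGNATURES.items():
        if pattern in payload:
            alerts.append(f"signature:{sig_id}")
    # Anomaly detection: volume far above this host's own history (z-score).
    history = BASELINE.get(src)
    if history and len(history) >= 2:
        z = (nbytes - mean(history)) / (stdev(history) or 1.0)
        if z > threshold:
            inside = ipaddress.ip_address(dst) in INTERNAL
            alerts.append("anomaly:volume-to-" + ("internal" if inside else "external"))
    # Honeypot: nothing should talk to the decoy, so any contact is an alert.
    if dst == HONEYPOT:
        alerts.append("honeypot:contact")
    return alerts

def run(flows=FLOWS):
    """Inspect every flow and keep only the ones that raised alerts."""
    results = {}
    for flow in flows:
        alerts = inspect(flow)
        if alerts:
            results[(flow[0], flow[1])] = alerts
    return results

if __name__ == "__main__":
    for (src, dst), alerts in run().items():
        print(f"{src} -> {dst}: {', '.join(alerts)}")
```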
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.