Posts

Showing posts with the label ips and ids

Introduction to intrusion detection systems

An IDS (Intrusion Detection System) is a mechanism that passively listens to network traffic in order to identify abnormal or suspicious activity, making it possible to act preventively against the risk of intrusion. There are two main families of IDS: the N-IDS (Network-Based Intrusion Detection System), which provides security at the network level, and the H-IDS (Host-Based Intrusion Detection System), which provides security at the host level. An N-IDS requires dedicated hardware and constitutes a system capable of monitoring the packets circulating on one or more network links in order to discover whether a malicious or abnormal act is taking place. The N-IDS places one or more network interface cards of the dedicated system in promiscuous mode; they are then in "stealth" mode, meaning they have no IP address and no protocol stack attached. It is common to find several IDS on the various parts of the network, and in particular...

IPS and IDS systems per detection system

There are different ways of trying to distinguish anomalous or malicious behavior, so different IDS developers have addressed the problem in different ways. Although the solutions found on the market usually combine several of these approaches, they have traditionally been categorized as follows: Signature-based detection: this approach attempts to locate a previously known sequence of information in a communication. For example, the system analyzes HTTP traffic for request strings that indicate a possible SQL injection attack. The main advantage of this strategy is its high effectiveness at detecting already known attacks; on the other hand, it is practically useless for detecting attacks not yet known to the system. Policy-based detection: this approach requires a thorough definition of the type of communication (and not just ports and protocols) allowed between servers or between different networks. These are very effective systems, but they require detailed configuration. Detection based on anoma...