Partager via


Using an Intrusion Detection System (IDS)

A secure network should monitor for intrusions and attacks by using an intrusion detection system (IDS). An IDS provides real-time monitoring of network traffic and implements the "prevent, detect, and react" approach to security.

You should implement an IDS in front of a firewall in every security domain, where it monitors incoming traffic. An IDS can show where a perpetrator is trying to attack. It can identify attack signatures or patterns, generate alarms to alert the operations staff, and cause the routers to close connections with hostile sources. These systems can also prevent denial-of-service attacks.

Although IDSs are necessary for security, you should consider the following issues associated with their use:

  • An IDS is processing-intensive and can affect the performance of your site.

  • An IDS is expensive.

  • An IDS can sometimes mistake typical network traffic for a hostile attack and cause unnecessary alarms.

Several third-party tools are available for intrusion detection. Enhancing and developing IDS technology is an ongoing process within the computer industry.

See Also

Other Resources

Securing the Deployment