Different modes and modalities
Intrusion detection is an old technology that spans plenty of domains and sub-domains. The first is the network-based IDS. This form of IDS seeks to identify illicit, unauthorized and anomalous patterns based exclusively on network traffic. Using a SPAN port, hub or network tap, a network-based IDS captures the packets that traverse your network. It then processes the captured data and flags all suspicious traffic. This is the opposite of the newer technology of intrusion prevention: an IDS doesn't actively block traffic. Its role is largely passive because it only identifies, gathers, alerts and logs. Snort is a good example of such an IDS.
On physical types
Physical intrusion detection is another form of intrusion detection. A physical IDS identifies anomalies and threats in physical systems. This kind of system is mainly concerned with physical controls, which are arranged in a certain order. That makes it somewhat more viable than the other types of IDS. The prime examples of physical IDS are security guards, security cameras, access control systems such as biometrics and cards, firewalls, motion sensors and man traps. This arrangement ensures the proper functioning of the CIA triad (confidentiality, integrity and availability). In most cases, this form of IDS functions as a prevention system.
The host-based variant
With host-based intrusion detection, or HIDS, you have a system that tries to discern inconsistent, unauthorized and illicit patterns on a particular device. This mechanism predominantly involves installing an agent on the system to maintain surveillance of, and alert on, all local application and operating system activity. The installed agent combines rules, heuristics and signatures to detect unauthorized activity. The role of this form of IDS is also passive, as it doesn't eliminate risks and other vulnerabilities. It detects, alerts, collects and logs.
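To make the passive, host-based model concrete, here is an added sketch (not code from the original article or from any IDS product) of an agent-style check that combines two signatures with one heuristic over local log lines and only returns alerts. The log lines, rule names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in sshd/sudo syslog style (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:01:02 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4122 ssh2
Mar  3 10:01:04 web1 sshd[811]: Failed password for admin from 203.0.113.7 port 4123 ssh2
Mar  3 10:01:07 web1 sshd[811]: Failed password for invalid user test from 203.0.113.7 port 4125 ssh2
Mar  3 10:02:11 web1 sshd[902]: Accepted password for alice from 198.51.100.20 port 5010 ssh2
Mar  3 10:03:30 web1 sudo: alice : user NOT in sudoers ; TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow
Mar  3 10:04:00 web1 sshd[950]: Failed password for bob from 198.51.100.20 port 5011 ssh2
""".splitlines()

# Signatures (hypothetical rule names): one matching line is enough to alert.
SIGNATURES = [
    ("sudo-denied", re.compile(r"sudo: .*user NOT in sudoers")),
    ("shadow-read", re.compile(r"COMMAND=.*/etc/shadow")),
]
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
THRESHOLD = 3  # heuristic: this many failures from one source is suspicious


def analyze(lines, threshold=THRESHOLD):
    """Return a list of (rule, detail) alerts; nothing is blocked or changed."""
    alerts, failures = [], Counter()
    for line in lines:
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                alerts.append((name, line))
        m = FAILED.search(line)
        if m:
            source = m.group(2)
            failures[source] += 1
            if failures[source] == threshold:  # alert once per source
                alerts.append(("failed-login-burst", source))
    return alerts


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"ALERT {rule}: {detail}")
```

The function only reports. Acting on an alert, for example by changing a firewall rule, is left to whatever consumes its output.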
In a nutshell
Given how often IDS is described as a passive technology, it helps to compare it with existing reactive systems. That gives you a more convincing analysis. In its passive form, an IDS detects security breaches, logs the related information and signals an alert. That is in sharp contrast to a reactive system. At its core, an IDS looks for specific attacks that have already been documented. It works much like a virus detection system, where the misuse alert functionality is most important. In a reactive setup, the IDS responds directly to malicious or suspicious patterns by reprogramming the firewall or, at best, logging off the user concerned. The firewall then blocks network traffic from the original harmful source.