Intrusion Detection System
A hardware device designed to monitor and protect computer networks from suspicious, malicious, and prohibited network activity.
An IDS can be configured by the network admin to adhere to a security policy created by the organization. The IDS uses signature patterns derived from the policy to detect various types of malicious activity within a traffic stream.
Anomaly-Based Detection
For anomaly-based detection, the IDS is configured with a baseline for network traffic. Anything outside of that baseline is closely monitored and generates alerts. However, this method is highly unreliable since it generates a lot of false positives.
Configuration
An IDS needs to be configured with a packet sniffer that reads frames from a mirrored port or TAP. The aim is to detect malicious traffic that has gotten past the firewalls, providing defense in depth.