As wireless networking grows in popularity, the risks grow with it. Threats such as MAC spoofing, ARP spoofing, and others are found in this type of network. A dedicated security system is therefore needed to reduce the security problems that arise in wireless networks. That system is known as an Intrusion Detection System, or IDS. What is it?
The Definition of IDS Security
An Intrusion Detection System (IDS) is a system that detects suspicious activity in a system or network. If suspicious activity is found in the traffic, the IDS automatically notifies or warns the system or network administrator. An analysis follows, carried out either automatically by the system or manually. During the analysis, evidence can be found, particularly of infiltration attempts.
Types of IDS Security
IDS security is divided into at least two types: Network Intrusion Detection System (NIDS) and Host Intrusion Detection System (HIDS). NIDS is a network-based IDS placed at strategic points within the network. It monitors the traffic and analyzes whether there are attempts at infiltration or attack on the network.
Meanwhile, HIDS works by analyzing the activity of an individual network host to see whether there is an attempt at infiltration or attack. It also monitors the packets or messages coming in and going out, but only on that one device. If the system detects something suspicious, it notifies or warns the administrator.
How IDS Security Works
The types differ, and so do the ways an IDS works. Some approaches, however, are considered the most popular. First, it works the way some types of antivirus do: the IDS matches network traffic activity against a database. This database contains the attacks and infiltrations that attackers often carry out. To keep the system working well, you need to update a system that uses this method, since the threats may be upgraded as well.
The second popular way an IDS works is by detecting anomalies. This type of IDS is also known as anomaly-based IDS. The IDS works with the traffic patterns that may appear in attacks commonly carried out by attackers. To run this method, a statistical technique is used to compare normal traffic with attack traffic.
The second method offers some benefits that the first does not. An IDS that uses this method is able to detect new attack methods even though those methods have not yet been recorded in a signature-based IDS. The drawback is that false notifications are often given. So, although it works more actively, the administrator must work harder to sort out which alerts are true attacks and which are not.
Third, an IDS also works by monitoring operating system files. It can detect whether there is an attempt to change operating system files, particularly log files. This method is often implemented in HIDS. Meanwhile, the other two mentioned above are more frequently found in NIDS.
Benefits and Drawbacks of IDS Security
IDS security is widely used in IT companies and agencies around the world, which means it offers some benefits that other security types may not. The benefits are as follows: it is able to detect external and internal hackers, is easily adjustable to provide extra protection for the entire network, provides an additional layer of protection, monitors the internet to detect attacks, enables non-technical members to manage the protection system entirely, tracks users' activities, simplifies a complex information source system, gives greater integration with the other security systems in use, and more.
Meanwhile, this security also has some drawbacks. It reacts to an attack rather than preventing it before it happens, produces more data to analyze, is not able to handle encrypted traffic, is more susceptible to overload, and is not able to identify the origin of the attack.
Implementation of IDS Security
There are some examples of IDS security implementations. The first is chkwtmp, a program that checks for empty entries. In other words, wtmp should have recorded something, but there is nothing there. The second is hostsentry, a program that detects login anomalies, meaning unusual behavior in a system.
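The empty-entry check described above can be sketched as follows. This is an added example, not chkwtmp's own code; it assumes the 384-byte glibc `struct utmp` record layout used on x86-64 Linux, and the function names and sample records are constructed for illustration.

```python
import struct

# Assumed record layout: glibc "struct utmp" on x86-64 Linux (384 bytes).
# Other platforms use different sizes and field orders.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
TV_SEC = 9  # index of the entry timestamp in the unpacked tuple

def make_record(ut_type, pid, line, user, host, tv_sec):
    """Build one record (used only to construct the sample below)."""
    return UTMP.pack(ut_type, pid, line, b"", user, host,
                     0, 0, 0, tv_sec, 0, 0, 0, 0, 0, b"")

def find_wiped_records(data):
    """Return ([(index, time_before, time_after), ...], trailing_bytes).

    A record made up entirely of zero bytes is reported together with the
    nearest non-zero timestamps on either side, which bound the period the
    missing entry belonged to. trailing_bytes > 0 means the file does not
    end on a record boundary (truncated, or a different layout).
    """
    size = UTMP.size
    count = len(data) // size
    records = [data[i * size:(i + 1) * size] for i in range(count)]
    times = [UTMP.unpack(r)[TV_SEC] for r in records]
    findings = []
    for i, rec in enumerate(records):
        if any(rec):          # at least one non-zero byte: entry has content
            continue
        before = next((t for t in reversed(times[:i]) if t), None)
        after = next((t for t in times[i + 1:] if t), None)
        findings.append((i, before, after))
    return findings, len(data) % size

# Constructed sample: a login, two zeroed records, then a logout.
SAMPLE = (make_record(7, 1201, b"pts/0", b"alice", b"192.0.2.10", 1700000000)
          + bytes(UTMP.size) * 2
          + make_record(8, 1201, b"pts/0", b"", b"", 1700003600))

if __name__ == "__main__":
    wiped, trailing = find_wiped_records(SAMPLE)
    for index, before, after in wiped:
        print(f"record {index}: empty entry between {before} and {after}")
    if trailing:
        print(f"{trailing} trailing bytes: file is not a whole number of records")
```

To check a real file, pass the bytes of a copy of the wtmp file to `find_wiped_records`; a non-zero trailing byte count usually means the layout assumption does not match the platform.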