In this article we address the importance of installing an Intrusion Detection System (IDS) within corporate networks. To do this, I start from a fundamental premise:

European Regulation 679/16, better known as GDPR, is considered by many an obstacle, a burden for companies and individuals, who often see it only as more bureaucracy. This is definitely the wrong approach, because in today's society personal data takes on increasing importance, as shown by the fact that companies that do business with data are among the most important in the world (Google, Facebook ...). This should make us understand the value of data today. From this perspective, treating data carefully and giving it the importance it deserves becomes an opportunity for the company, an obligation that is not only legal but necessary for the development of competitiveness. Mainly for this reason I want to look more closely at the importance of installing an Intrusion Detection System (IDS) within the corporate network, a useful tool to preserve the integrity and confidentiality of data.

Of course, this does not concern natural persons, who do not do business with data but are the direct stakeholders. With the new Regulation, natural persons have more control over their data: they can decide which processing to consent to, verify through clear information how their data are processed, whether they are transferred and for how long they are stored, know what data the company stores, and ask for their deletion, update, etc. This new Regulation has made users very aware of the importance of their personal data, and the security with which their data is processed is becoming, or will become, a fundamental parameter in choosing one supplier over another.

Having concluded this short premise, we turn to the importance of installing an Intrusion Detection System (IDS).

What is an Intrusion Detection System (IDS)

An intrusion detection system (IDS) is a security software or hardware device used to monitor, detect, and protect networks or systems from malicious activity; it immediately alerts the security personnel when an intrusion is detected. IDS are extremely useful because they monitor inbound and outbound network traffic and continuously watch for suspicious activity in order to detect a network or system security breach. In particular, they inspect traffic by comparing it against signatures of known intrusion patterns and generate an alarm when a match is detected.

IDS can be classified as active or passive depending on their functionality. A passive IDS generally only detects intrusions, while an active IDS not only detects network intrusions but also prevents them, thereby becoming an Intrusion Prevention System (IPS).

An Intrusion Detection System (IDS) is not a substitute for a firewall or antivirus. These are systems with different functions, and installing one does not exclude the others; indeed, it is good practice to configure all of them correctly and keep everything updated. That said, an IDS detects events that escape the firewall and antivirus.

Main functions of IDS:

An IDS collects and analyzes information from within a computer or network to identify possible breaches of the security policy, including unauthorized access and misuse.

An IDS is also called a "packet sniffer", because it intercepts packets that travel through various media and communication protocols.

Packets are analyzed after being captured.

An IDS evaluates traffic for suspected intrusions and generates an alarm when it detects them.

An IDS can be network-based (NIDS) or host-based (HIDS), and almost all of them offer:

Monitoring and storage of logs

Rootkit detection

File integrity checking

Windows registry integrity checking

Active response (with active response the IDS becomes an IPS)

They also offer the following reports:

detection of common web attacks

XSS (Cross Site Scripting) attempts

SQL injection attempts

failed login attempts (Windows, MySQL, PostgreSQL, SonicWall, Remote Access, SSH ...)

Installing an Intrusion Detection System (IDS)

Where the IDS resides in the network

Before deploying the IDS, it is essential to analyze the network topology, understand how traffic flows to and from the resources that an attacker can use to gain access to the network, and identify the critical components that will be likely targets of attacks against the network. Once the position of the IDS in the network has been determined, the IDS must be configured to maximize its protective effect on the network.


How an IDS works 

The main purpose of the IDS is to provide real-time monitoring and detection of intrusions. In addition, reactive IDS (and IPS) can intercept, respond and/or prevent intrusions. An IDS works as follows:

IDS have sensors to detect malicious signatures in data packets, and some advanced IDS include behavioral activity detection to detect malicious traffic behavior. Even if packet signatures don't match the signatures in the IDS signature database, the activity detection system can warn administrators about possible attacks.

If the signature matches, the IDS performs predefined actions such as terminating the connection, blocking the IP address, dropping the packet, and/or issuing an alarm to inform the administrator.

When the signature matches, anomaly detection is skipped; otherwise, the sensor may analyze traffic patterns to detect an anomaly.

When the packet passes all the tests, the IDS forwards it to the network.
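The decision flow described above can be sketched as a small sensor. This is an added example, not code from any IDS product; the two signatures, the rate threshold and the sample traffic are constructed assumptions, and the `active` flag models the active-response (IPS) behavior.

```python
import re
from collections import defaultdict

# Constructed signatures for illustration; not taken from a real IDS ruleset.
SIGNATURES = {
    "xss-script-tag": re.compile(r"<script\b", re.I),
    "sqli-union-select": re.compile(r"\bunion\s+select\b", re.I),
}
RATE_LIMIT = 3  # assumed anomaly threshold: packets per source per window


class Sensor:
    def __init__(self, active=False):
        self.active = active          # active response makes the IDS act as an IPS
        self.blocked = set()
        self.seen = defaultdict(int)  # packets counted per source

    def inspect(self, src, payload):
        """Return (verdict, reason) for one packet."""
        if src in self.blocked:
            return "drop", "source already blocked"
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                # Signature matched: predefined action, anomaly check skipped.
                if self.active:
                    self.blocked.add(src)
                    return "drop", f"signature {name}"
                return "alert", f"signature {name}"
        # No signature matched: fall back to behavioural (anomaly) detection.
        self.seen[src] += 1
        if self.seen[src] > RATE_LIMIT:
            return "alert", "anomaly: packet rate"
        return "forward", "clean"  # passed every test


# Constructed sample traffic: (source address, payload).
SAMPLE = [
    ("192.0.2.10", "GET /index.html"),
    ("192.0.2.20", "GET /search?q=<script>alert(1)</script>"),
    ("192.0.2.20", "GET /index.html"),
    ("192.0.2.30", "GET /item?id=1 UNION SELECT name FROM users"),
] + [("192.0.2.40", "GET /login")] * 4


def run(active):
    sensor = Sensor(active=active)
    return [sensor.inspect(src, payload)[0] for src, payload in SAMPLE]

if __name__ == "__main__":
    print("passive:", run(False), "\nactive: ", run(True))
```

In passive mode the third packet from 192.0.2.20 is still forwarded after the earlier alert, while in active mode the same source is already blocked and the packet is dropped.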


Other information: https://it.wikipedia.org/wiki/Intrusion_detection_system

If you need support for installing an Intrusion Detection System please contact us