Cybersecurity

IDS

Definition

An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically either reported to an administrator or collected centrally in a security information and event management (SIEM) system.

Why It Matters

An IDS acts like a burglar alarm for your network. It passively monitors traffic and alerts you when it sees something suspicious, giving you an early warning of a potential attack.

Contextual Example

A network-based IDS (NIDS) inspects all traffic passing through a network segment. If it sees traffic that matches a known attack signature (e.g., a specific malware communication pattern), it sends an alert to the security team.

Common Misunderstandings

  • An IDS only detects and alerts; it does not block the traffic. An Intrusion Prevention System (IPS) can both detect and block malicious traffic.
  • Host-based IDS (HIDS) runs on individual computers, while Network-based IDS (NIDS) monitors network traffic.
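
The signature matching described under Contextual Example, together with the detect-only versus detect-and-block distinction above, shown as an added example that is not part of the original entry. The signature names, patterns, packets and addresses are all constructed for illustration and do not come from any real ruleset.

```python
import re
from dataclasses import dataclass

# Constructed signatures (assumptions for this example, not real IDS rules).
SIGNATURES = [
    ("SIG-0001 example malware beacon",
     re.compile(rb"User-Agent: example-beacon/\d+\.\d+")),
    ("SIG-0002 example policy violation: cleartext FTP login",
     re.compile(rb"^USER \S+\r\n")),
]

@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes

def inspect(packets, inline=False):
    """Match each payload against SIGNATURES.

    inline=False models an IDS: matching traffic is alerted on and still forwarded.
    inline=True models an IPS: matching traffic is alerted on and dropped.
    Returns (alerts, forwarded_packets).
    """
    alerts, forwarded = [], []
    for pkt in packets:
        hits = [name for name, rx in SIGNATURES if rx.search(pkt.payload)]
        alerts.extend(f"ALERT {name}: {pkt.src} -> {pkt.dst}" for name in hits)
        if hits and inline:
            continue  # only an inline device can stop the packet
        forwarded.append(pkt)
    return alerts, forwarded

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("10.0.0.5", "203.0.113.9", b"GET / HTTP/1.1\r\nUser-Agent: curl/8.0\r\n"),
    Packet("10.0.0.7", "203.0.113.66",
           b"GET /c HTTP/1.1\r\nUser-Agent: example-beacon/1.2\r\n"),
    Packet("10.0.0.8", "198.51.100.4", b"USER alice\r\n"),
]

if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        alerts, forwarded = inspect(SAMPLE, inline=inline)
        print(f"{mode}: {len(alerts)} alerts, {len(forwarded)} packets forwarded")
        for line in alerts:
            print("  " + line)
```

Both modes raise the same alerts; only the forwarded set differs, which is the practical difference between an IDS and an IPS.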

Last Updated: December 17, 2025