A correct firewall policy can minimize the exposure of many networks however they are quite useless against attacks launched from within. Hackers are also evolving their attacks and network subversion methods. These techniques include email based Trojan, stealth scanning techniques, malicious code and actual attacks, which bypass firewall policies by tunneling access over allowed protocols such as ICMP, HTTP, DNS, etc. Hackers are also very good at creating and releasing malware for the ever-growing list of application vulnerabilities to compromise the few services that are being let through by a firewall.
IDS arms your business against attacks by continuously monitoring network activity, ensuring all activity is normal. If IDS detects malicious activity it responds immediately by destroying the attacker's access and shutting down the attack. IDS reads network traffic and looks for patterns of attacks or signatures, if a signature is identified, IDS sends an alert to the Management Console and a response is immediately deployed
What is intrusion?
An intrusion is somebody attempting to break into or misuse your system. The word "misuse" is broad, and can reflect something severe as stealing confidential data to something minor such as misusing your email system for Spam.
What is an IDS?
An IDS is the real-time monitoring of network/system activity and the analysing of data for potential vulnerabilities and attacks in progress.
Intrusion Detection Systems is a topic that has recently garnered much interest in the computer security community. In the last few years, this interest level has spurred the development of a variety of approaches to providing IDS capabilities that are both reliable and low-impact in terms of management or cost. When presented with different types of IDS one might be tempted to assume that one approach or another was inherently superior. In fact, the mixture of approaches used for IDS offers the security analyst a unique opportunity in terms of the synergies inherent in combined techniques. Intrusion Detection Systems are like a burglar alarm for your computer network. They detect unathorized access attempts. They are the first line of defence for your computer systems.