Monday, October 12, 2009

Why intrusion detection?

IDS has been around for many years now. Intrusion Prevention came right after and tried to address the fact that an IDS only detects an abnormality but does nothing about it. These detectors are commonly installed on the perimeter firewall or close to it.

IDS was an attempt to automate the process of identifying attacks in the network. It looked for incorrect use of various IP protocols, port scans and other things that could easily be detected using a signature. Improvements to the IDS were things like IPS or IDP, which actually prevent things instead of just detecting threats.

Do we need an IDS?

In most cases I'd say no. The reasons for this are:

1. Nowadays most attacks are directed towards the client PC. This is a laptop that is on the Internet. We need to protect the client at all times, not just when it is on the company network.

2. Many viruses, hoaxes and trojans are mutable and not detectable by an IDS. Security needs to be on the client.

3. Widespread use of encryption, like HTTPS, leaves the IDS useless. It cannot see the inside of the payload.

4. An IDS is just one of many tools you can use to protect your computer. (Get them all from one vendor - they will work together.)
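
The effect described in point 3, as an added example that is not part of the original post: a minimal payload-signature matcher flags a constructed request sent over plain HTTP, but sees only a record header once the same bytes are encrypted. The signatures, the sample request and `toy_encrypt` (a stand-in for TLS record protection, not real TLS) are assumptions made for illustration.

```python
import hashlib
import re

# Constructed signatures of the kind a payload-matching IDS applies (illustrative).
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-keyword-in-query": re.compile(rb"(?i)union\s+select"),
}

def looks_like_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a TLS record header (type 20-23, version 3.x)."""
    return len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3

def inspect(payload: bytes) -> dict:
    """Report whether the content was visible and which signatures matched."""
    if looks_like_tls_record(payload):
        # Only the 5-byte record header is readable; the body is ciphertext.
        return {"visible": False, "alerts": []}
    alerts = sorted(name for name, rx in SIGNATURES.items() if rx.search(payload))
    return {"visible": True, "alerts": alerts}

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Assumed stand-in for TLS: XOR with a SHA-256 counter keystream.
    Not real TLS and not secure; it only makes the bytes opaque to the sensor."""
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        for i in range(len(plaintext) // 32 + 1)
    )
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def wrap_as_tls_appdata(ciphertext: bytes) -> bytes:
    """Prefix a TLS 1.2 application-data record header: type 23, version 3.3, length."""
    return bytes([23, 3, 3]) + len(ciphertext).to_bytes(2, "big") + ciphertext

# Constructed sample request, not captured traffic.
REQUEST = b"GET /download?file=../../etc/passwd HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

def demo() -> tuple:
    """Inspect the same request as seen on the wire over HTTP and over HTTPS."""
    over_http = inspect(REQUEST)
    over_https = inspect(wrap_as_tls_appdata(toy_encrypt(b"constructed-key", REQUEST)))
    return over_http, over_https

if __name__ == "__main__":
    for label, result in zip(("http", "https"), demo()):
        print(label, result)
```
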

Because of this, the focus has moved from the network and the perimeter to the PCs on the network. Many vendors have all-in-one solutions for viruses, spam, threats and other potentially dangerous attacks.

Be safe - buy yourself a good all-in-one protection package!
