
Researching Intrusion Detection Systems

Author:   •  September 10, 2018  •  1,198 Words (5 Pages)  •  794 Views


...

Each program or dedicated IPS/IDS appliance has its own setup routine, which can range from configuring every rule the system will follow to simply plugging it in and connecting it to the network. Most IPS/IDS systems offer the same functionality, since many of them piggyback off each other; the only major difference is their blacklists of known malware. Because new malware is created so rapidly, not everything will be on these blacklists, but these systems can still help detect basically any type of malware. The most useful function is the ability to be alerted when a file is changed, and what changed it. This can help with trojans, rootkits and polymorphic viruses. They can also scan ports for unrecognized traffic in case of spyware or a port listener.
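The paragraph above contrasts blacklist matching with file-change alerting. The following Python sketch is an added example, not part of the original essay and not code from any IDS product: it takes a hash baseline of a directory, then reports both blacklist hits and integrity changes, so a modified file that no blacklist knows about is still flagged. The file names and the "known malware" bytes are constructed for the demonstration; identifying which process changed a file needs operating-system audit logging and is outside this sketch.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            state[os.path.relpath(full, root)] = sha256_file(full)
    return state

def compare(baseline, current, blacklist):
    """Return sorted (kind, path) alerts for blacklist hits and integrity changes."""
    alerts = []
    for path, digest in current.items():
        if digest in blacklist:
            alerts.append(("blacklisted", path))   # signature match on a known hash
        if path not in baseline:
            alerts.append(("added", path))
        elif baseline[path] != digest:
            alerts.append(("modified", path))      # caught even with no signature
    alerts += [("removed", p) for p in baseline if p not in current]
    return sorted(alerts)

def write(root, name, data):
    """Create or overwrite a file under root (helper for the demo)."""
    with open(os.path.join(root, name), "wb") as f:
        f.write(data)

def demo():
    """Constructed scenario: one blacklisted file, one change unknown to the blacklist."""
    known_bad = b"constructed sample standing in for known malware"
    blacklist = {hashlib.sha256(known_bad).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.cfg", b"debug=0\n")
        write(root, "old.log", b"rotated\n")
        baseline = snapshot(root)                 # trusted state
        write(root, "app.cfg", b"debug=1\n")      # change no blacklist knows about
        write(root, "dropper.bin", known_bad)     # new file with a blacklisted hash
        os.remove(os.path.join(root, "old.log"))
        return compare(baseline, snapshot(root), blacklist)

if __name__ == "__main__":
    print(demo())
```

Only `dropper.bin` matches the blacklist; the edit to `app.cfg` and the deletion of `old.log` are reported solely because of the baseline comparison.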

The viability of these systems varies with the environment they are used in. A NIPS would be very useful for a business or workplace that has some resources to spare and requires added security. A NIPS can cost anywhere from a hundred dollars to thousands of dollars, which makes network intrusion prevention systems less viable for household use. Anyone considering buying a NIPS must take their network usage into account: since a NIPS redirects all network traffic, a higher-end system would be helpful for preventing bottlenecks and performance issues. A host intrusion prevention system would be recommended for household use, and detection systems can be used by anybody with almost no downside.

Conclusion

Currently, there is a rapid increase in malware because of how much computers control in our lives. People need to know how to stay secure, and what to do to stay that way. I’m glad I was able to research a topic like this so that I could inform myself about a topic that could help me get a job and to teach it to my peers. HIPS can help as an anti-malware program for household computers. HIDS can alert the user to suspicious activity on their computer, NIPS can defend a network from malware attacks, and a NIDS can monitor a network to keep watch over a group of computers. It is important to know which option is best for you, if any is necessary, at an affordable price.

...
