Intrusion Detection & Prevention

An intrusion is unwanted or unauthorized interference with data, a device, or a system. As such, an intrusion usually carries malicious intent, such as disrupting a system's activity, stealing sensitive data, or modifying critical information.

An Intrusion Detection System (IDS) is a hardware and/or software solution that detects intrusion into a system or network. An IDS usually complements the activity of a firewall installed in the system.

An IDS inspects every packet, peeling it layer by layer down to its "data content" part, which it checks for malicious code. Afterwards, the packet is reassembled into its original form and sent on its way.
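The peel-and-inspect step described above, as an added example that is not part of the original page: it strips the Ethernet, IPv4 and TCP headers from a frame and matches the remaining payload against signatures. The function names, signature names, byte patterns and sample frames are all constructed for illustration.

```python
import struct

# Constructed signature set (hypothetical names and patterns, not real IoCs).
SIGNATURES = {
    "demo-marker": b"EXAMPLE-MALICIOUS-MARKER",
    "demo-dropper-tag": b"EXAMPLE-DROPPER-TAG",
}

def peel(frame: bytes) -> bytes:
    """Strip Ethernet, IPv4 and TCP headers and return the TCP payload."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # bounds the packet; excludes link padding
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4                 # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return tcp[data_off:]

def inspect(frame: bytes) -> list[str]:
    """Return the names of signatures found in the payload; the frame is not modified."""
    payload = peel(frame)
    return sorted(name for name, pat in SIGNATURES.items() if pat in payload)

def build_frame(payload: bytes) -> bytes:
    """Build a sample Ethernet/IPv4/TCP frame (checksums left at zero; test data only)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return eth + ip + tcp + payload

# Constructed sample traffic using documentation addresses.
CLEAN = build_frame(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
SUSPECT = build_frame(b"POST /upload HTTP/1.1\r\n\r\nEXAMPLE-MALICIOUS-MARKER")

if __name__ == "__main__":
    print("clean  :", inspect(CLEAN))
    print("suspect:", inspect(SUSPECT))
```

Matching here is per packet; production sensors also reassemble TCP streams before matching, because a pattern can span more than one segment.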

Why do we use an IDS? Just as you wouldn't want to spend the whole day searching a program's code for malware yourself, you would also want to automate the search for malware in packets, and that is what an IDS does.

Why not just use a firewall? A firewall is considered a 'basic guard': it is a necessary part of a network security system but is insufficient on its own. Most modern networks include an IDS as an essential part of the security architecture.