Types of Intrusion Detection Systems

There are two types of IDS:

  1. Host-based IDS (HIDS): Protects the end-system or the end-network resources. This is normally a software-based deployment in which an agent installed on the local host monitors and reports application activity.
    • HIDS monitors access to the system and its applications and sends alerts for any unusual activity.
  2. Network-based IDS (NIDS): Monitors network traffic for attacks. A Network IDS is deployed on the network near a firewall or even inside the trusted internal network. It checks every packet entering the network to make sure it does not contain malicious content that would harm the network or the end system.
    • A NIDS sniffs the network traffic continuously. The traffic is matched against known signature profiles, and if any abnormalities are found in the traffic, the NIDS triggers an alarm to the management console.

An Intrusion Prevention System (IPS) is an extension of an IDS that is used to prevent (and, sometimes, correct) intrusion. An IDS only performs detection, whereas an IPS protects the network from intrusion by dropping a packet, denying entry to a packet, or blocking the connection. Together, an IPS and an IDS monitor the network traffic for malicious activities.
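
The difference between detection and prevention can be seen by running the same signature matching in both modes. The following is an added example, not taken from any IDS product: the two signatures, the Packet type, the inspect function and the sample traffic are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed signature profiles (illustrative, not from a real rule set).
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./\.\./"),
    "sql-tautology": re.compile(rb"(?i)'\s*or\s*'1'\s*=\s*'1"),
}

def match_signatures(pkt):
    """Return the names of all signatures found in the packet payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]

def inspect(packets, inline=False):
    """inline=False: IDS (detect and alert only).
    inline=True: IPS (drop matching packets, then block the connection)."""
    alerts, forwarded, blocked = [], [], set()
    for pkt in packets:
        conn = (pkt.src, pkt.dst, pkt.dport)
        if inline and conn in blocked:
            continue  # connection already blocked by an earlier match
        hits = match_signatures(pkt)
        if hits:
            alerts.append((conn, hits))  # alarm sent to the management console
            if inline:
                blocked.add(conn)
                continue  # packet dropped, never reaches the end system
        forwarded.append(pkt)
    return alerts, forwarded

# Constructed sample traffic (documentation and private address ranges).
TRAFFIC = [
    Packet("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.7", "10.0.1.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.7", "10.0.1.10", 80, b"GET /about.html HTTP/1.1"),
    Packet("198.51.100.9", "10.0.1.10", 80, b"GET /item?id=1' OR '1'='1 HTTP/1.1"),
]

if __name__ == "__main__":
    for mode in (False, True):
        alerts, fwd = inspect(TRAFFIC, inline=mode)
        print("IPS" if mode else "IDS", len(alerts), "alerts,", len(fwd), "forwarded")
```

In IDS mode every packet still reaches the destination and only the alerts differ from normal forwarding; in IPS mode the matching packets and the rest of the blocked connection are never forwarded.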