1.1 What is an IDS?

An IDS (Intrusion Detection System) is a system for detecting intrusions into the network or networks being protected within an organisation. It is usually a dedicated software program that runs in user space and inspects traffic mirrored to a system interface (through a mirror port or SPAN), or traffic travelling between two interfaces connected by a bridge (a software switch). This traffic is analysed for anomalies, specific signatures or suspicious behaviour.

The idea behind the IDS is to detect intruders and launch alerts without interfering with the organisation's traffic.

