Managed Intrusion Detection Services (IDS)

Conexim offers managed intrusion detection services (IDS) protection as a part of a comprehensive suite of management and security services.

An Intrusion Detection System (or IDS) is used to detect malicious or unwanted network traffic and computer usage. It differs from a firewall in that a firewalls primary objective is prevention, whereas an IDS detects intrusions that have taken place and raises an alert. This is done by inspecting inbound and outbound network traffic and identifying suspicious patterns of activity as the signature of an attack or intrusion. In addition to raising an alert, an IDS is also capable of being reactive, terminating the suspicious behavior or adding/modifying firewall rules to block the suspected malicious activity.

Two common types of IDS are network-based and host-based systems. They differ in that network-based IDS monitor network traffic by analysing individual packets traveling through the network. Host-based IDS is most often a software package residing on the host which concentrates solely on monitoring all activity on the host itself.

Network-based intrusion detection systems (NIDS) detect activity such as hacking attempts, port scans, and denial of service (DoS) attacks. By monitoring all inbound and outbound network traffic on a packet by packet basis, suspicious patterns of activity can be identified, setting off the alarm of a possible hacking attempt.

Host-based intrusion detection systems (HIDS) focus solely on the host, monitoring the internals of the system. By analysing the behavior of the systems programs and resources it can determine if any activity breaches the security policy or operating systems rules, which is then identified as malicious actions and the alarm triggered. Additionally, it protects against hacking attempts which originate internally to the network.

Recent security alerts