Router Security Features Made Easy: What is IDS?

If you’re not an I.T. wiz, some of the descriptions of the router security features might seem more like a foreign language than anything aimed at helping you decipher which integrated services router is right for your company. We’re here to help you understand the security features of a router by breaking them down for you one at a time. Let’s talk about IDS.

First off, what is IDS?

IDS stands for ‘intrusion detection system’. It is commonly used along with an IPS (intrusion prevention system) for maximum security protection, but it doesn’t always have to be. Some IDSs stand alone, but do little to actually protect a network from intrusion. While an IPS is designed to actually shut down a network the moment an intrusion is detected to keep it safe, an IDS acts more as an observer. The IDS is passive. It simply examines packets of data traversing the network, and it does so from afar: the IDS sits on a monitoring port. When the IDS sees something that doesn’t meet its configured rules, it sets off an alarm. In systems that also have an IPS, the IPS then kicks in and either shuts down the network or isolates the malicious traffic.

The problem with an IDS, other than that it does no more than detect that something bad has entered the network, is that it tends to be pessimistic: it often sees ‘good’ data as ‘bad’ data simply because it doesn’t recognize that the good data is good. That creates an atmosphere where false positives abound. Like a car alarm that goes off not only when a thief is breaking in but also when the wind hits it just right, or the rain, or a tree branch, it leaves administrators spending significant time dealing with things that aren’t problematic at all.
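To make the last two paragraphs concrete, here is a small added illustration (not part of the original article) of a passive, rule-based detector that only raises alarms and also fires on harmless traffic. The rule names, patterns and sample packets are all constructed for this example.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    pattern: re.Pattern

# Hypothetical signature rules (assumptions, not taken from any real product).
RULES = [
    Rule("sql-keyword-in-request", re.compile(rb"union\s+select", re.I)),
    Rule("path-traversal", re.compile(rb"\.\./")),
]

# Constructed sample traffic: (packet id, payload, is it actually malicious?)
PACKETS = [
    (1, b"GET /index.html HTTP/1.1", False),
    (2, b"GET /item?id=1 UNION SELECT name FROM users", True),
    (3, b"POST /forum body=How do I write a UNION SELECT query?", False),
    (4, b"GET /docs/../docs/faq.html HTTP/1.1", False),
]

def inspect(packets, rules):
    """Passive inspection: return alerts only; no packet is dropped or altered."""
    alerts = []
    for pid, payload, _ in packets:
        for rule in rules:
            if rule.pattern.search(payload):
                alerts.append((pid, rule.name))
    return alerts

def false_positives(alerts, packets):
    """Alerts raised on packets that were in fact harmless."""
    truth = {pid: bad for pid, _, bad in packets}
    return [alert for alert in alerts if not truth[alert[0]]]

def missed(alerts, packets):
    """Malicious packets that triggered no rule at all."""
    alerted = {pid for pid, _ in alerts}
    return [pid for pid, _, bad in packets if bad and pid not in alerted]

if __name__ == "__main__":
    alerts = inspect(PACKETS, RULES)
    for pid, name in alerts:
        print(f"ALERT packet {pid}: {name}")
    print("false positives:", false_positives(alerts, PACKETS))
    print("missed:", missed(alerts, PACKETS))
```

Two of the three alarms here are for harmless requests: a forum post that merely mentions SQL and an ordinary relative path. That is the car-alarm effect an administrator has to triage.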

There are certainly some pluses to an IDS, though. An IDS can detect more, and different, types of attacks that a simple firewall can’t. An IDS can sense data-driven attacks, host-based attacks, network attacks, unauthorized logins, and malware like worms, Trojan horses, and viruses. The reason they’re more sensitive is that IDSs employ multiple methods of threat detection all at once.
