Advantages and Disadvantages to IDS (Intrusion Detection System)
An intrusion detection system (IDS) provides a comprehensive defense for computer networks, protecting against threats such as phishing, information mining, identity theft, and network hacking. The protection software is used by large businesses and government agencies to keep information secure, as well as to monitor the activity of their employees and keep track of any misuse of facilities. Those are the advantages. However, the intrusion detection system does have its negative aspects. The IDS can find it difficult to distinguish malicious activity from friendly or accidental activity, and can put your network into lockdown, potentially causing big losses. Yes, an MS in information security covers concepts such as these, but for those without extensive background knowledge, this can all be a little confusing. Let’s take a closer look at some of the advantages and disadvantages of IDS.

Constant Security Monitoring

Intrusion detection systems constantly monitor a given computer network, searching for signs of invasion and any activity that is deemed to be abnormal. This 24/7 protection means that the systems are constantly secure and protected from outside threats, even outside business hours, when the user is sleeping or away from the computer that is connected to the network. Network access, user information and firewalls are constantly working and updated by IDS.

System Versatility

Because the intrusion detection system is extremely versatile and customizable, it can accommodate the needs of individual clients. Users can custom-build network security to monitor very particular activities, anything from examining suspicious or uncertain activity patterns to preventing high-threat attacks on the network. They can even monitor the activity of users inside the network to make sure there is nothing malicious going on, so IDS works inside and outside the system to locate threats.
Separating Friend from Foe

The main disadvantage of IDS is that it is unable to distinguish malicious threats from friendly usage. This can make the IDS seem overly paranoid, and users working within the system can be flagged for harmless activity, which may result in a 'lock down' as the network comes to a full stop. This kind of false alarm could mean the system is down for hours until an IT professional (perhaps called from off-site) has been able to rectify the problem and reset the whole system. If a business is dependent on its network and works to strict deadlines, this can mean an unprecedented and expensive loss, perhaps even affecting customer relations. In the worst-case scenario, important clients may take their business elsewhere next time, all because of an overly paranoid IDS.

Source Addresses

The IDS reports information based on the network address carried in each IP packet that the network receives. But this only works if the network address within the IP packet is the right one. It could be inaccurate, faked or scrambled. This means the IT technician could be left on a wild goose chase, unable to stop the network intrusions going on.

Encrypted Packets

The IDS is unable to process encrypted packets. Therefore, if a packet is encrypted, it can allow an undetected intrusion into the computer network, which is only discovered later, when the problem becomes more apparent. Once encrypted packets are planted in the network, they could be activated at a later time, releasing any number of viruses or bugs. If intrusion detection software could process encrypted packets, this problem could be avoided.

Analytical Module Limits

The analytical module is somewhat limited when it comes to analyzing the source information that is collected during the intrusion detection process. This means the source information is only partially buffered. If suspicious activity is being monitored by a technician, they will know that abnormal behavior has been detected, but they won't be able to tell the exact source.
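
The "Source Addresses" limitation can be seen directly in the packet: the address an alert reports is a header field written by the sender. The Python code below is an added example, not part of the original article. It reads that field from a raw IPv4 header and labels how far an analyst should trust it. The network ranges, function names, labels and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumptions (constructed for this example): the site's own range and
# the RFC 1918 private ranges that should never arrive from the Internet.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ipv4_source(packet: bytes) -> ipaddress.IPv4Address:
    """Return the source address field (bytes 12-15) of a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return ipaddress.IPv4Address(packet[12:16])

def source_confidence(packet: bytes, arrived_on_external: bool) -> str:
    """Label how far the source address in an alert can be trusted."""
    try:
        src = parse_ipv4_source(packet)
    except ValueError:
        return "malformed"
    if src.is_loopback or src.is_multicast or src.is_unspecified or src.is_reserved:
        return "impossible-source"
    if arrived_on_external and src in INTERNAL_NET:
        return "spoofed-internal"      # our own address coming from outside
    if arrived_on_external and any(src in net for net in RFC1918):
        return "unroutable-source"
    # Plausible, but still only what the sender wrote in the header.
    return "unverified"

def build_header(src: str, dst: str = "192.0.2.10") -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    for src in ("198.51.100.7", "192.0.2.55", "10.1.2.3", "127.0.0.1"):
        print(src, source_confidence(build_header(src), arrived_on_external=True))
```

Even the best outcome here is "unverified": the checks can rule a source address out, but nothing in the header can confirm it.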