Intrusion Detection Systems – The First Line of Defense
If you haven’t noticed, it’s a dangerous world out there, with everyone from spies to thieves to cyber criminals taking aim at property both real and intellectual. While in the past the first line of defense involved guard dogs, minefields and guys with guns, in today’s digital world the majority of defense systems are electronic. Referred to in the security business as Intrusion Detection Systems, or IDS, these cyber sentinels are hardware- or software-based defense mechanisms designed to monitor and report on potentially nefarious activities that may occur at facilities or on computer systems worldwide. Some of these systems are intended only to monitor activity, while others are more proactive and are tasked with real-time threat deterrence.
Eye See You
Passive IDS includes such components as security cameras, motion detectors, thermal imaging systems, radar, card readers and keypad systems that are designed to monitor and limit entry to facilities. Think of these systems as a kind of firewall used to keep out unwanted guests. Just like systems designed for online protection, IDS have grown more automated over time with the addition of such things as voice recognition, facial recognition, license plate scanners and more.
In reactive systems, also known as Intrusion Prevention Systems (IPS), the ability to respond in kind to suspicious activity is hardwired into the matrix. Like watchdogs, these systems not only observe; they are tasked with providing feedback to system operators and security personnel.
One such system is Vindicator by Honeywell.
“The V5 IDS solution consists of the V5 IDS server, required downstream I/O, Vindicator Command and Control (VCC) operator interface and local I/O modules to suit any size application. Built on the V5 Network Security Appliance, the Vindicator IDS solution is the central control unit for enterprise-wide security needs. The V5 IDS server receives input directly from sensors connected to Vindicator field transponders, from V5 ACS servers, and from third-party systems. It also directly controls advanced assessment solutions such as CCTV and thermal-imaging systems, ground and water-based radar systems. The V5 IDS server processes events and sends relevant information to one or more VCC consoles for operator interaction, response and dispatch.”
Another is OnGuard by Lenel.
“Lenel’s OnGuard physical access control system has taken a leadership position in the federal government market by providing solutions emphasizing security and conformity to the advanced standards government agencies demand. By implementing the OnGuard solution, agencies choose an access control portfolio that has been built around years of government initiatives and directives, such as the DoD CAC identification standards to the latest HSPD-12 PIV processes. With a wide range of highly rated software and hardware solutions, from access control to complete identity management to advanced video analytics and forensics, the OnGuard platform performs as one of the industry’s top federal government solutions.”
With the proliferation of cyber-warfare-grade viruses and worms such as Stuxnet, everyone from cyber criminals to hacker collectives has access to disruptive software that once was relegated only to intelligence agencies. As a result, software- and hardware-based systems are now available to counter this ever-growing threat. Some of these systems are stand-alone, while others are integrated into the physical threat detection system.
On the IT side, there are three main types of Intrusion Detection Systems:
- Network Intrusion Detection Systems (NIDS) are independent platforms that identify intrusions by examining network traffic and monitor multiple hosts. NIDS gain access to network traffic by connecting to a network hub, a network switch (typically a mirror/SPAN port) or a network tap. In a NIDS, sensors are located at the choke points of the network being monitored. Sensors capture all network traffic and analyze the contents of individual packets for malicious traffic.
- Host-based Intrusion Detection Systems (HIDS) consist of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications and other host activities. HIDS sensors usually consist of a software agent.
- Stack-based Intrusion Detection Systems (SIDS) are an evolution of HIDS. Packets are examined as they pass through the host’s TCP/IP stack, which means the sensor is dependent on the operating system being used.
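As an added illustration (not code from the original post, nor from Honeywell or Lenel), the following Python toy contrasts the first two approaches in the list: a NIDS-style packet inspector that matches constructed byte signatures and flags a source that touches too many ports, beside a HIDS-style file-integrity check that compares a host’s files against a hashed baseline. The packet records, the signatures, the threshold and the file contents are all constructed sample data; a real sensor would read from a tap or mirror port and from the host’s actual file system.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


# ---------- NIDS side: inspect captured packets for known-bad content ----------

@dataclass
class Packet:
    """A minimal captured-packet record (constructed; a real sensor reads a tap/SPAN port)."""
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed demo signatures, not rules from any real IDS: a byte pattern that
# should not appear in traffic to the given destination port.
NIDS_SIGNATURES = {
    "sql-union-in-http": {"dport": 80, "pattern": b"UNION SELECT"},
    "cleartext-telnet-login": {"dport": 23, "pattern": b"login:"},
}


def inspect_packets(packets):
    """Return (signature, src, dst) for every packet whose payload matches a signature."""
    alerts = []
    for p in packets:
        for name, sig in NIDS_SIGNATURES.items():
            if p.dport == sig["dport"] and sig["pattern"] in p.payload:
                alerts.append((name, p.src, p.dst))
    return alerts


def detect_port_scan(packets, threshold=5):
    """Flag sources that touched more than `threshold` distinct destination ports."""
    ports_by_src = defaultdict(set)
    for p in packets:
        ports_by_src[p.src].add(p.dport)
    return sorted(src for src, ports in ports_by_src.items() if len(ports) > threshold)


# ---------- HIDS side: detect file-system modifications on the host ----------

def baseline(files):
    """files maps path -> bytes. Record a SHA-256 digest per path as the known-good state."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_integrity(base, files):
    """Compare current file contents against a baseline and report every difference."""
    changed = [p for p in files if p in base
               and hashlib.sha256(files[p]).hexdigest() != base[p]]
    added = [p for p in files if p not in base]
    removed = [p for p in base if p not in files]
    return {"changed": sorted(changed), "added": sorted(added), "removed": sorted(removed)}


# ---------- Constructed sample data ----------

SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /item?id=1 UNION SELECT name FROM users HTTP/1.1"),
    Packet("10.0.0.6", "10.0.0.10", 443, b"\x16\x03\x01 TLS client hello (constructed)"),
    Packet("10.0.0.7", "10.0.0.10", 23, b"login: admin\r\n"),
] + [
    # one source probing six different ports with empty payloads
    Packet("10.0.0.9", "10.0.0.10", port, b"") for port in (21, 22, 23, 25, 80, 443)
]

BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/usr/sbin/sshd": b"\x7fELF constructed-binary-bytes",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nsvc:x:1001:1001::/home/svc:/bin/sh\n",  # modified
    "/usr/sbin/sshd": b"\x7fELF constructed-binary-bytes",   # unchanged
    "/tmp/unexpected.bin": b"constructed new file",           # not in the baseline
}
BASELINE = baseline(BASELINE_FILES)


def run_demo():
    """Run both detectors over the constructed data and return their findings."""
    return {
        "nids_alerts": inspect_packets(SAMPLE_PACKETS),
        "port_scanners": detect_port_scan(SAMPLE_PACKETS),
        "hids_changes": check_integrity(BASELINE, CURRENT_FILES),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two halves differ in exactly the way the list describes: the NIDS functions only ever see packet headers and payloads, so they can watch many hosts but know nothing about what a host does with the data, while the HIDS function sees the resulting change on disk but only for the host it runs on.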
When faced with daily threats, both on and offline, to facilities and servers, the battle for supremacy is never ending. Much like the Cold War that ended nearly twenty-five years ago, when it comes to protecting the security of individuals and nations, the best defense is the first line of defense: constant vigilance.
This post was originally published on February 13, 2013.