ABOUT THE COURSE

An Intrusion Detection System (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. The manipulations may take the form of attacks by crackers.

An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).

IDS is composed of several components:

* Sensors which generate security events

* Console to monitor events and alerts and control the sensors

* Central Engine that records events logged by the sensors in a database and uses a system of rules to generate alerts from security events received.

There are several ways to categorize IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.