IDS stands for intrusion detection system: a software or hardware device that monitors network or system activities for malicious or unauthorized behavior and alerts the administrator or takes action to stop it.
IDS can be classified into two main types: network-based IDS (NIDS) and host-based IDS (HIDS).
NIDS
A network-based IDS (NIDS) is a hardware device or software application that analyzes network traffic for signs of intrusion.
A NIDS typically consists of sensors that capture packets from the network and send them to a central analysis engine that applies rules or signatures to detect known or suspicious patterns.
A NIDS can also perform anomaly detection, which compares the current traffic with a baseline of normal behavior and flags any deviations.
Some examples of NIDS are Snort, Cisco Firepower NGIPS, and Hillstone Networks NIPS.
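The two NIDS detection modes described above (signature matching against rules, and anomaly detection against a learned baseline) in one small, self-contained analysis engine. This is an added example, not code from any of the products named; the packet records, the two rules and the "normal" traffic are all constructed here rather than taken from a real capture.

```python
"""Toy NIDS analysis engine: signature rules plus rate-based anomaly detection.

Added example; the traffic, rules and thresholds below are constructed, not real.
"""
from collections import Counter
from dataclasses import dataclass
import re
import statistics


@dataclass(frozen=True)
class Packet:
    """What a sensor would hand to the analysis engine for one captured packet."""
    ts: float      # seconds since capture start
    src: str
    dst: str
    dport: int
    payload: bytes


# Signature rules: (name, destination port, pattern the payload must contain).
SIGNATURES = [
    ("sqli-tautology", 80, re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)),
    ("dir-traversal", 80, re.compile(rb"\.\./")),
]


def signature_alerts(packets, signatures=SIGNATURES):
    """Return (ts, src, rule name) for every packet matching a rule."""
    alerts = []
    for p in packets:
        for name, port, pattern in signatures:
            if p.dport == port and pattern.search(p.payload):
                alerts.append((p.ts, p.src, name))
    return alerts


def per_source_counts(packets, window=1.0):
    """Packets per (time window, source address); the feature the baseline is built on."""
    return Counter((int(p.ts // window), p.src) for p in packets)


def learn_baseline(packets, window=1.0):
    """Mean and population stdev of per-source packet counts in known-good traffic."""
    values = list(per_source_counts(packets, window).values())
    return statistics.mean(values), statistics.pstdev(values)


def anomaly_alerts(packets, baseline_mean, baseline_stdev, window=1.0, k=3.0):
    """Flag (window, src, count) where count exceeds mean + k * stdev of the baseline."""
    limit = baseline_mean + k * baseline_stdev
    counts = per_source_counts(packets, window)
    return sorted((w, src, n) for (w, src), n in counts.items() if n > limit)


def constructed_baseline_traffic():
    """Constructed 'normal' traffic: two clients sending 1 to 3 packets per second."""
    counts = [2, 2, 3, 1, 2, 2, 3, 1]  # per (window, client) pairs, windows 0..3
    pkts = []
    for i, n in enumerate(counts):
        window, client = divmod(i, 2)
        for j in range(n):
            pkts.append(Packet(window + j * 0.1, f"10.0.0.{5 + client}",
                               "10.0.0.10", 80, b"GET / HTTP/1.1"))
    return pkts


# Constructed observed traffic: normal browsing, two rule hits, then one host
# sending 20 packets inside a single one-second window.
OBSERVED = [
    Packet(0.0, "10.0.0.5", "10.0.0.10", 80, b"GET /index.html HTTP/1.1"),
    Packet(0.5, "10.0.0.5", "10.0.0.10", 80, b"GET /about HTTP/1.1"),
    Packet(1.0, "10.0.0.7", "10.0.0.10", 80, b"GET /login?user=' OR '1'='1 HTTP/1.1"),
    Packet(1.2, "10.0.0.7", "10.0.0.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
] + [Packet(2.0 + i * 0.01, "10.0.0.9", "10.0.0.10", 443, b"") for i in range(20)]


if __name__ == "__main__":
    mean, sd = learn_baseline(constructed_baseline_traffic())
    print("signature alerts:", signature_alerts(OBSERVED))
    print("anomaly alerts:", anomaly_alerts(OBSERVED, mean, sd))
```

The signature path fires only on traffic that matches a known pattern, so it misses anything not yet written as a rule; the anomaly path catches the burst from 10.0.0.9 without any rule for it, but its quality depends entirely on how representative the baseline traffic was and on the `k` threshold, which is where false positives are tuned.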
HIDS
A host-based IDS (HIDS) is a software agent that monitors the activity on a specific host, such as a server or a workstation.
A HIDS can collect various types of data, such as system logs, file integrity, registry changes, user activity, and process behavior.
A HIDS can also perform anomaly detection, which compares the current state of the host with a baseline of normal configuration and flags any changes.
Some examples of HIDS are OSSEC, CrowdSec, and SolarWinds Security Event Manager.