An intrusion detection system (IDS) monitors network devices so that security administrators can identify attacks in progress and take appropriate action to protect the network. For users on a network to access a web server on the internet, the firewall must allow traffic through port 80. However, this open port is often used as an attack vector by hackers and malware to gain access to your network. An IDS examines this traffic and compares it with known exploits, similar to how antivirus software uses known virus signatures to identify threats. When the IDS detects a match to a known exploit, it sends an alert to the security or web server administrator so they can take action. Intrusion prevention systems (IPS) are very similar to IDSs, but instead of just sending an alert, they go one step further and automatically take action to prevent an intrusion.
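The alert-versus-block distinction described above, as an added example that is not from the original page: a small signature matcher run over constructed HTTP request lines. The signature names and patterns, the sample traffic and the `inspect` function are assumptions made for illustration, not any real IDS rule set.

```python
import re
from urllib.parse import unquote

# Constructed, illustrative signatures (assumption: not from a real rule set).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-union-select", re.compile(r"union\s+select", re.I)),
    ("script-tag", re.compile(r"<script\b", re.I)),
]

def normalize(request_line):
    """Percent-decode up to three times so encoded payloads still match."""
    prev, cur = None, request_line.replace("+", " ")
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur

def inspect(request_line, mode="ids"):
    """Return (forwarded, alerts) for one request arriving on port 80.

    mode="ids": matching traffic is still forwarded, an alert is raised.
    mode="ips": matching traffic is dropped as well as alerted on.
    """
    text = normalize(request_line)
    alerts = [name for name, rx in SIGNATURES if rx.search(text)]
    forwarded = not (alerts and mode == "ips")
    return forwarded, alerts

# Constructed sample traffic: one benign request, three that match a signature.
TRAFFIC = [
    "GET /index.html HTTP/1.1",
    "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /search?q=1+UNION+SELECT+name+FROM+users HTTP/1.1",
    "GET /a?x=%253Cscript%253E HTTP/1.1",  # double-encoded
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        for line in TRAFFIC:
            forwarded, alerts = inspect(line, mode)
            action = "FORWARD" if forwarded else "DROP"
            print(f"[{mode}] {action:7} alerts={alerts} {line}")
```

Matching against the decoded request matters: a matcher that only saw the raw bytes would miss the second and fourth lines.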
“If it is online, it can be hacked!” This phrase has served as the motivation for both hackers and security professionals for years. Every network has weaknesses and vulnerabilities that hackers can exploit to gain access. The only way to completely avoid a potential attacker is to pull the network cable. However, depending on the circumstances, doing this could create the exact denial-of-service result the attacker intended.