Welcome to Intrusion Detection Systems. In this learning activity, we'll explore what these are, how they're configured, and the types of protection they provide.

An Intrusion Detection System, or IDS, is any device or application that actively monitors your network for malicious activities and alerts you when it detects an attack. While there are different IDS types and configurations, each one records information, notifies security administrators of unusual activity, and produces reports. Additionally, some IDSs can actually respond to and prevent attempted attacks.

Most IDS software identifies threats using two common techniques: signatures and anomaly baselines. Just like any antivirus software, your IDS software keeps a list of malware signatures. It compares incoming threats to this list and blocks any attack that's on the list. IDS software also monitors your system or network for any abnormalities. It locates abnormalities by establishing a system baseline and looking for variations from that baseline. No matter the type of IDS software you're using, you need to let it run on your computer so it can establish a normal range baseline.

IDS software can be installed in a number of different configurations. Let's say you run a small B&B. One common configuration is to place the IDS software before your firewall and your network. When it's on an individual workstation, it can detect any threat and immediately alert you. Because your business is small, a host-based IDS configuration works for your current network. The downside to individual hosting is that it can slow down the computer. Just like actively scanning antivirus software slows down other operations, IDS software can bog down individual machines.

Now, say you add a small boutique hotel to your business. You decide you need IDS protection but don't want it to bog down your employees' computers.
In this instance, you should install a switch between your firewall and your network, which allows you to install a dedicated IDS. The switch mirrors the data going to the workstation and sends it to the IDS. This configuration protects your workstations, keeps them running at full processing speed, and keeps your employees and customers happy.

A popular IDS software for both host-based and network-based configurations is Snort. This open-source IDS software is capable of real-time traffic analysis and packet logging. Snort alerts you once it's detected incoming malicious code. Regardless of the brand, IDS software is flexible, so you can change your configuration as your business grows.

As a network administrator, you can install sensors and set up a variety of configurations in different parts of your network. You can set up a sensor to mirror all of the data that's flowing through one portion of your network. For instance, say you add a hotel to your growing empire. You segment your network into three areas: your DMZ, or public-facing portion; your corporate communications network; and finally, the free Wi-Fi you offer to your hotel guests. These three segments are distinct and don't touch each other. You install an IDS into each segment. In this configuration, the IDS functions as a sensor. It identifies any anomalies within one specific segment and sends you an alert if something malicious happens. Because you've hooked up your network correctly, you've created a dashboard and a central server so you can receive reports about malicious activity anywhere within your three distinct segments.

IDS software offers two types of protection, active and passive. Active IDS software tries to prevent a hacker from gaining access to your system. For instance, if your IDS notices malformed web addresses coming through the wire on your hotel's public Wi-Fi segment, it identifies those as not allowed and actively blocks the originating IP address.
The disadvantage is if a hacker is really clever, he or she can bombard your IDS software with malformed web addresses, which would force the IDS to shut down access to your server. This denies both malicious and legitimate internet use.

Passive IDS software logs and reports potential attacks, but it doesn't actively respond to threats. It lets you make the final decision as to how to act. So if you don't have someone actively monitoring the logs, an attack may go unnoticed, which would give any hacker the time he or she needs to break into your system.

As we mentioned earlier, some IDS software creates a baseline. It monitors the network activity in your hotel and uses this to create what's normal for your network. However, you still need to spend time tuning your IDS software. Too many false reports may cause you to ignore it, and not enough legitimate reports may allow a hacker into your system.

Today, we've reviewed what intrusion detection systems are, how they're configured, and the types of protection they provide. You've completed intrusion detection systems.
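
The baseline and tuning trade-off described above, as an added example that is not part of the original learning activity: it learns a normal range from constructed connections-per-minute samples for the guest Wi-Fi segment, then shows how the alert threshold changes the number of false reports and missed attacks. The data, labels, function names and threshold values are all assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed learning-period data (assumed attack-free): connections per
# minute seen on the hotel's guest Wi-Fi segment.
BASELINE = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46, 40, 42]

# Constructed live readings with a ground-truth label for scoring.
LIVE = [
    (41, "normal"), (47, "normal"),
    (52, "normal"),   # busy check-in hour, unusual but legitimate
    (44, "normal"),
    (58, "attack"),   # low-volume probing
    (39, "normal"),
    (190, "attack"),  # flood
]


def learn_baseline(samples):
    """Return (mean, standard deviation) of the learning-period traffic."""
    return mean(samples), stdev(samples)


def is_anomalous(value, baseline, threshold):
    """True when the reading deviates from the mean by more than
    `threshold` standard deviations."""
    mu, sigma = baseline
    return abs(value - mu) / sigma > threshold


def evaluate(threshold):
    """Return (false_alerts, missed_attacks) for LIVE at this threshold."""
    baseline = learn_baseline(BASELINE)
    false_alerts = missed = 0
    for value, label in LIVE:
        alert = is_anomalous(value, baseline, threshold)
        if alert and label == "normal":
            false_alerts += 1
        elif not alert and label == "attack":
            missed += 1
    return false_alerts, missed


if __name__ == "__main__":
    for t in (1.5, 4.5, 8.0):
        fa, miss = evaluate(t)
        print(f"threshold={t}: false alerts={fa}, missed attacks={miss}")
```

A low threshold buries the real alerts in false reports, while a high one lets the low-volume probing through; tuning means finding the range in between for your own traffic.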