Using network-intrusion detection software is one of the best ways to protect a computer network. While corporations use this software to identify malware and viruses, they rely on it more to detect more complicated attacks, such as data- driven attacks on applications and unauthorized logins. Network-intrusion detection software can be proactive or passive. If it’s proactive, it can reboot a server or change the device’s configurations so as to prevent an intruder from invading the network.
Network-intrusion detection software
Network-intrusion detection software closely tracks and investigates traffic on a network. It monitors for malicious activity, such as malicious SQL (structured query language) injections or DoS (denial of service) attacks.
Network-intrusion detection software can be considered a passive response. A passive response system identifies the suspicious activity, logs the data and notifies the system administrator. It is then up to the administrator to take the next step to stop the attacks from occurring.
Network intrusion-detection software can also be proactive. This is known as action response, or reactive. An active-response system takes action against suspicious activity. After it detects an attack, an active-response system can change the network device's settings, such as firewalls or routers, reboot the server or close ports and connections.
Network-based, intrusion-detection software examines all network traffic. It also keeps track of multiple hosts. Network-based, intrusion-detection software is attached to a network device, such as a network switch or hub. This is how it can access and monitor network traffic.
Host-based, network-intrusion detection software monitors suspicious activity on a host, which is a local system. The host-based, intrusion-detection software identifies intrusions by analyzing application logs or system log files.
Firewalls block intruders from accessing the network. They work closely with routers, analyzing network packets and deciding if they should forward the data to the destination. Firewalls can be either software or hardware. Firewalls are not known for being as proactive as network-intrusion detection software.