Security risks have grown dramatically for Internet
service providers because entire infrastructures are based on
open standards systems. As a result, ISPs need to be able to quickly
and accurately detect unauthorized changes and respond accordingly,
in order to maximize security and minimize downtime.
Intrusion Detection Systems (IDS) remain relatively
youthful, but in terms of development they are growing at an extraordinary
Generally speaking, there are four different categories
of intrusion detection systems: network intrusion detection,
system integrity verifiers, log file monitors, and deception systems.
Network intrusion detection systems (NIDS) monitor
packets traversing the system in an attempt to discover anomalies
indicating that an intruder is trying to break into a system or,
worse, launch a distributed denial of service (DDoS) attack.
NIDSs look for frequent connection requests to different ports
to reveal port scans.
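
The port-scan heuristic described above, sketched as an added example (it is not code from the original article or from any particular NIDS). The connection records, the documentation-range addresses, the 10-second window and the threshold of 15 ports are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample of connection requests: (time_ms, source, destination, dest_port).
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE = (
    # one source requesting 30 different ports within 6 seconds
    [(i * 200, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(30)]
    # a busy but ordinary client: many requests, always the same port
    + [(i * 2000, "203.0.113.5", "192.0.2.10", 443) for i in range(30)]
    # a source trying one new port every 30 seconds
    + [(i * 30000, "203.0.113.9", "192.0.2.10", 1000 + i) for i in range(30)]
)


def detect_port_scans(events, window_ms=10_000, threshold=15):
    """Return {(source, destination): time_ms of first alert}.

    A pair is flagged when the source has requested more than `threshold`
    distinct ports on the destination within the last `window_ms`.
    """
    recent = defaultdict(deque)  # (src, dst) -> (time_ms, port) entries still in the window
    alerts = {}
    for ts, src, dst, port in sorted(events):
        key = (src, dst)
        queue = recent[key]
        queue.append((ts, port))
        # Drop requests that have aged out of the sliding window.
        while ts - queue[0][0] > window_ms:
            queue.popleft()
        # Count distinct ports, so repeated requests to one service never trip the alert.
        if key not in alerts and len({p for _, p in queue}) > threshold:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for label, window in (("10 s window", 10_000), ("10 min window", 600_000)):
        print(label, detect_port_scans(SAMPLE, window_ms=window))
```

With the 10-second window only the fast sweep is flagged; widening the window to 10 minutes also flags the low-rate source, while the single-port client is never flagged. Window and threshold therefore have to be tuned against normal traffic on the monitored network.
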
System integrity verifiers (SIV) monitor system
files in an attempt to discover when an intruder changes the files—leaving
behind a backdoor. A SIV may be capable of detecting changes in
critical files, but these systems usually don't generate real-time
alerts about network intruders.
Log file monitors (LFM) simply monitor log files
generated across network services. LFMs also look for patterns
and anomalies in log files that suggest an intruder is attacking
The sole purpose of a deception system—known
in the industry as decoys, fly traps and honeypots—is to
lure an unsuspecting intruder into a network through well-known
security holes and trap the intruder.
Whether you need a simple intrusion alert system
and network anomaly reports, or need to defend your network against
DDoS attacks, smurfing, ping floods and the like, it's imperative
that you prepare a line of defense today or risk having your business
be exploited by some script kiddie tomorrow.