bg_image
header

Intrusion Detection Systems - IDS

Intrusion Detection Systems (IDS) are security solutions designed to continuously monitor networks or computer systems and look for potential security breaches or attacks. The purpose of an Intrusion Detection System is to detect suspicious activities that may indicate an intrusion into a network or system, and subsequently trigger alerts or take actions to ensure security.

There are two main types of Intrusion Detection Systems:

  1. Network-based Intrusion Detection Systems (NIDS): These systems monitor the traffic within a network and look for anomalies or known attack patterns. They analyze packets being transmitted across the network to detect suspicious activities that may indicate an attack or security breach.

  2. Host-based Intrusion Detection Systems (HIDS): In contrast to NIDS, HIDS monitor activities on individual hosts or computers. They monitor system logs, file systems, and other system resources for signs of attacks or unusual behavior that may indicate a security breach.

An Intrusion Detection System can be either signature-based or behavior-based:

  • Signature-based IDS: These detect attacks based on pre-defined patterns or signatures of known attacks. They compare network traffic or system behavior to a database of known attack signatures and trigger an alert when matches are found.

  • Behavior-based IDS: These analyze the normal behavior of the network or system and look for deviations or anomalies that may indicate potential attacks. They operate on the principle that attacks often cause unusual activities that deviate from normal operational behavior.

Intrusion Detection Systems play a crucial role in monitoring and securing networks and computer systems by responding early to potential threats and detecting security breaches to take appropriate countermeasures.

 


Slowloris Attack

A Slowloris attack is a form of a "Low-and-Slow" attack that aims to overload a web server and prevent access to it by tying up all available connections to the server. In a Slowloris attack, the attacker sends many HTTP requests to the server, but does so extremely slowly by intentionally delaying the data transfer.

Typically, the attacker opens many connections to the server and keeps them open by sending only part of the request and then leaving the connection open by sending additional parts of the request slowly or simply not sending any further data. This way, all available connections to the server are tied up, preventing legitimate users from establishing a connection since there are no free connections available.

This attack is particularly effective against web servers that do not enforce a limited number of connections per user or IP address and rely on the server's resource availability to serve requests. However, a well-configured web server can detect and mitigate such attacks.