An Intrusion Detection System (IDS) is a cybersecurity tool that monitors a network or system for malicious activity, policy violations, or other security breaches. When it detects such activity, the IDS can alert the system administrator or take predefined actions, such as logging the event or blocking access. IDSs are categorized into two main types:
- Network-based Intrusion Detection System (NIDS): Monitors network traffic for suspicious activity. It examines data packets moving across the network, looking for patterns that indicate an attack, such as scanning, unauthorized access, or abnormal traffic flow.
- Host-based Intrusion Detection System (HIDS): Monitors activity on a single host or device. It tracks changes to critical files, system logs, and configurations, alerting administrators to any unauthorized activity on that specific host.
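
To make the NIDS description concrete, here is an added example (not part of the original text) of one scanning pattern: a source that contacts many distinct ports on one destination within a short sliding window. The function name, thresholds, and flow records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample flow records: (timestamp_seconds, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges (RFC 5737); values are illustrative only.
SAMPLE_FLOWS = (
    # Busy but normal client: many connections, always the same port.
    [(t, "192.0.2.10", "198.51.100.5", 443) for t in range(0, 40, 2)]
    # Scanning pattern: 15 different ports within 15 seconds.
    + [(10 + i, "203.0.113.7", "198.51.100.5", 20 + i) for i in range(15)]
    # 15 different ports, but two minutes apart: outside the window used here.
    + [(i * 120, "192.0.2.99", "198.51.100.5", 8000 + i) for i in range(15)]
)


def detect_port_scans(flows, window=60, max_ports=10):
    """Return one alert per (src, dst) pair that touches more than `max_ports`
    distinct destination ports within `window` seconds (assumed thresholds)."""
    recent = defaultdict(deque)  # (src, dst) -> (ts, port) records still in the window
    alerted = set()              # pairs already reported, to avoid duplicate alerts
    alerts = []
    for ts, src, dst, port in sorted(flows):
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop records that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) > max_ports and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"time": ts, "src": src, "dst": dst,
                           "ports_seen": len(distinct)})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_FLOWS):
        print(alert)
```

The slow source in the sample data stays below the threshold, which shows why window length and port count have to be tuned together: a short window reduces false alerts from busy clients but misses deliberately slow scans.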