How Intrusion Detection System Works?
An intrusion detection system works by collecting information and then examining it. The IDS collects data from its sensors and analyzes that data in order to notify the system administrator about malicious activity on the network.
An intrusion detection system has a number of sensors that are used to detect unwanted or unexpected flows of network traffic; the major sensor types are as follows:
1. NIDS (Network Intrusion Detection Systems)
2. HIDS (Host Intrusion Detection Systems)
There is still a question: why use an IDS if there is a firewall to perform these tasks? A firewall is used to stop unwanted traffic from entering or leaving the internal enterprise network, whereas an IDS is deployed to monitor traffic in vital segments of the network, generating alerts when an intrusion is detected.
A firewall has holes to let things through; without them you would not be able to access the Internet or send and receive email, and there are different ways to bypass or cheat a firewall.
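To make the firewall-versus-IDS distinction concrete, here is an added example (not part of the original post, and not Snort or OSSEC code) that runs constructed packets through a port-based firewall policy and then through a simple signature-matching IDS sensor. The port list, signature names and patterns are all made up for illustration; the point is that traffic the firewall legitimately lets through can still trigger an IDS alert, and that the IDS only notifies rather than blocks.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed perimeter policy: only inbound web traffic is allowed.
ALLOWED_PORTS = {80, 443}


def firewall_allows(pkt: Packet) -> bool:
    """A firewall decides on header fields only (here: destination port)."""
    return pkt.dport in ALLOWED_PORTS


# Constructed, deliberately simplified content signatures. A real NIDS such
# as Snort uses far richer rules; this just shows payload inspection.
SIGNATURES = {
    "WEB-TRAVERSAL": b"../",
    "ADMIN-PAGE": b"GET /admin",
}


def ids_inspect(pkt: Packet) -> list:
    """Return the names of every signature found in the packet payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]


def process(packets):
    """Firewall first, then the IDS sensor on whatever was allowed through.
    Returns (delivered_count, alerts); alerts is a list of (src, signature)."""
    delivered, alerts = 0, []
    for pkt in packets:
        if not firewall_allows(pkt):
            continue  # dropped at the perimeter; the IDS never sees it
        delivered += 1
        for sig in ids_inspect(pkt):
            alerts.append((pkt.src, sig))  # notify only, never block
    return delivered, alerts


SAMPLE = [  # constructed traffic, not a capture
    Packet("10.0.0.5", "192.0.2.10", 22, b"SSH-2.0-client"),
    Packet("10.0.0.6", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.7", "192.0.2.10", 80, b"GET /../../secret HTTP/1.1"),
]

if __name__ == "__main__":
    print(process(SAMPLE))  # (2, [('10.0.0.7', 'WEB-TRAVERSAL')])
```

The SSH packet never reaches the sensor, the ordinary web request passes cleanly, and the third request is delivered by the firewall (port 80 is a "hole") yet still produces an alert for the administrator.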
Snort is an excellent open source Network Intrusion Detection System; OSSEC is an open source Host-based Intrusion Detection System.
Below is an overview of the basic architecture as well as practical examples of how to customize an open source host-based intrusion detection system to manage logging from your infrastructure and applications.
Video On Intrusion Detection System
I will be coming up with next tutorial on it soon ...