Running Head: CYBER SECURITY 1

Justification for adding intrusion detection software

Student Name

Institution Name

Submission Date
Running Head: CYBER SECURITY 2

Content Description
Reasons why Intrusion Detection Software
(IDS) would benefit the company An intrusion detection system (IDS) would
benefit in terms to:
 Screens system traffic for suspicious and
doubtful activities and issue a caution when
these actions are found.
 Offer many advantages to associations,
commencement with the ability to tell apart
the security incidents.
 Help categorized and break down the amount
and types of assaults and incidents
 Data can be used by companies to enhance
their security frameworks or implement
efficiently successful controls.
 Help the organizations to be able to
distinguish issues and bugs according to the
configuration of their network device. These
abilities would then be of great use for
organizations to evaluate future dangers
(Patel, Qassim, & Wills, 2010)
The categories and models of prevention Active and passive IDS, Network Intrusion
systems and intrusion detection. detection systems (NIDS) and host Intrusion
detection systems (HIDS) are the most significant
classification of IDS.
 Active Intrusion Detection Systems
(IDS), also known as Intrusion Detection
and Prevention System (IDPS).
Interruption Detection and Prevention
Systems (IDPS) are designed in a way so
they can unsurprisingly block suspected
assault and there is no operator’s
mediation required for it to do so. A
passive IDS is a designed framework
which only monitors and then analyze
system traffic activity and if there is any
potential vulnerabilities for assaults and
attacks it alerts an administrator .
 Network Intrusion Detection Systems
(NIDS), comprises of a sensor or a system
apparatus. That has a Network Interface
Card (NIC) that card works in
uncontrolled mode and also it has a
separate interface for management.
 Host Intrusion detection system (HIDS)
Running Head: CYBER SECURITY 3

it can only monitors the workstations of an

individual on these stations operators are
established and introduced HIDS can't
screen out the system completely.
Framework of Host-based IDS can be
used to monitor any form of intrusion
attempts or any attack on critical servers
(Garcia-Teodoro, Diaz-Verdejo, Macia-
Fernandez, & Vazquez, 2009).
A description of the function of antivirus  IDS imply a framework that will be
software, firewalls, and IDS responsible for checking the behavior of a
system to distinguish and report any
unapproved intrusions, which can
influence the integrity of the system,
 Antivirus solutions allow identifications
of malicious code. A decent antivirus
arrangement should likewise identify
when a file has some sort of noxious
behavior to prohibit execution, and
subsequently avoid harm or theft of data.
 A firewall is security software that gives
you control to system traffic. It acts for the
most part channel system traffic between
the Internet and a specific gadget, and can
work in two unique ways: permitting all
system packets and just obstructing some
suspected files; or by denying all packets,
just permitting those that are viewed as
important (Fisch, White & Pooch, 2017).
Examples of commercial software that could  Solar Winds Security Event Manager –
provide the solution. it’s a functionality combination of both
HIDS and NIDS to give a user a complete
Security Information and Event
Management (SIEM) structure.
 Grunt - Cisco Systems provides and
allows using a framework that helps
detection of main system based intrusion.
 Suricata - it’s a framework of Network-
based intrusion identification that can be
utilized at the application layer for more
of notable perceive-ability.
 OSSEC – free to utilized and yet an
excellent host-based intrusion
identification structure.
 Bro – a system for Network monitoring
Running Head: CYBER SECURITY 4

and prevention of system based intrusion.

 Sagan – Device for log analysis that can
also integrate reports that are formed on
snort information, so it is basically a HIDS
with a hint of NIDS.
 AIDE – The abbreviation stands for
Advanced Intrusion Detection
Environment it’s a HIDS for Linux, Mac
OS and Unix.
 Security Onion – it’s a network security
tool that is made up from rudiments pulled
in from some other free tools and it’s a
network observing.
 Samhain – it’s a very Straightforward
HBID framework that’s for Linux, Mac
OS and Unix.
 Open WIPS-NG – it’s a wireless
intrusion prevention and NIDS framework
from the Aircrack-NG producers.
 Fail2Ban –it’s a lightweight recognition
framework that is for host-based intrusion
for Linux, Mac OS and Unix. (Andreas,
2005).

APA Note References:

Andreas, F. (2005). Intrusion detection

systems and intrusion prevention systems.
Information Security Technical Report, 134-139.

Fisch, E. A., White, G. B., & Pooch, U. W.

(2017). Computer system and network
security. CRC press.

Garcia-Teodoro, P., Diaz-Verdejo, J., Macia

Fernandez, G., & Vazquez, E. (2009). Anomaly-
based network intrusion detection: Techniques,
systems and challenges. Computers & security,
18-28.

Patel, A., Qassim, Q., & Wills, C. (2010). A

survey of intrusion detection and prevention
Systems. Information Management & Computer
Security, 277-290.
Running Head: CYBER SECURITY 5