What is an Intrusion Detection System?

An intrusion detection system isn't meant to protect your home against burglars. It is a system to protect your computer from unwanted, often malicious, viruses, bugs, worms and programs that can be destructive and, in some cases, lead to identity theft, depending on how you use your computer. There are various ways to protect your computer, information and identity, but none to date is completely fail-safe, particularly against new viruses that detection systems can't anticipate. This article discusses five kinds of intrusion detection systems (IDS): network intrusion detection systems (NIDS), host intrusion detection systems (HIDS), signature-based intrusion detection systems (SIDS), anomaly intrusion detection systems (AIDS) and reactively based intrusion detection systems (RIDS).

    IDS

    • Basically, an IDS is any software program that looks for unusual activity on the network and reports it either to a network administrator or to the user of the computer on which it was detected. Depending on the program and its settings, it is up to the administrator or you, the computer user, to determine whether the information presents a threat.

    NIDS

    • In much the same way anti-virus software works, a NIDS finds known nasty bugs trying to sneak onto your hard drive and stops them. Since the software is applied at the network level and checks all incoming and outgoing traffic, it is prone to traffic jams. As anyone who has driven in New York or Los Angeles knows, a traffic jam can slow everything to a snail's pace.

    HIDS

    • A HIDS monitors only the host computer user, and sometimes the administrator of the network, and only raises a red flag on questionable Internet usage to the user or administrator. No corrective steps are offered.

    SIDS

    • A SIDS scans for known signatures of programs known to cause mischief.
      The problem, as with most IDS programs, is that it can't find what isn't already identified. That means a new virus can infect your system before it has been identified, so identification comes too late: the virus is already in and doing bad things. A SIDS works along the same lines as much of the commercially available virus protection software. Ideally, once detection software has been developed that identifies the newfound malicious program, a software fix will also be developed to rid your computer of the problem.

    AIDS

    • Think of this program as a CAT scan of the blood flow of your entire circulatory system. If the blood flows in a funny way, backward instead of forward, or if it's not getting to some places that it should, your doctor will tell you that you have a problem. The same goes for an AIDS: it looks at the usual flow of information through various ports, using various protocols, and when things don't look right, the computer doc will tell you.

    RIDS

    • Sticking with the biological analogy, think of your body getting an infection. The first thing your body does is send in antibodies to fight off whatever the ailment is. The same goes for a RIDS: it takes reactive measures to fight off the virus infecting your computer. Often that means it will cut off the source of the infection by shutting down a port or IP address.

    What can be done

    • There are many virus detection programs available online, but none is 100 percent effective and others can be cumbersome for the computer novice. Many computer whiz kids will advocate password protection for your hard drive, which, in most ways, will allow you to rebuild all your programs even if the most malicious virus attacks. It also means you have to sign on to the hard drive every time you want to use the computer, which can be annoying but less so than a computer left in tatters. Numerous commercial identity-theft companies will help prevent fraudulent use of your identity and could save you a lot of time and money. There is also a free and highly recommended RIDS program available at snort.org that works with both Linux and Windows.
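The signature, anomaly and reactive approaches described in the SIDS, AIDS and RIDS sections above, as an added Python example that is not part of the original article. It shows a signature check missing a never-before-seen program that an anomaly check on port usage still flags; all function names, signatures and traffic records are constructed for illustration.

```python
"""Toy signature, anomaly and reactive detection over constructed flow records."""
from collections import Counter

# Known-bad byte patterns (constructed placeholders, not real malware signatures).
SIGNATURES = {"demo-worm-a": b"EVIL_MARKER_A", "demo-bot-b": b"EVIL_MARKER_B"}

def signature_hits(payload):
    """SIDS: return the names of known signatures found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def learn_baseline(flows):
    """AIDS: learn what share of normal traffic each destination port receives."""
    counts = Counter(port for _src, port, _payload in flows)
    total = sum(counts.values())
    return {port: n / total for port, n in counts.items()}

def is_anomalous(port, baseline, min_share=0.01):
    """AIDS: a port rarely or never seen in the baseline does not look right."""
    return baseline.get(port, 0.0) < min_share

def inspect(flows, baseline):
    """Run both detectors, then apply the RIDS step: collect sources to cut off."""
    alerts, blocked = [], set()
    for src, port, payload in flows:
        reasons = [f"signature:{name}" for name in signature_hits(payload)]
        if is_anomalous(port, baseline):
            reasons.append(f"anomaly:port {port}")
        if reasons:
            alerts.append((src, reasons))
            blocked.add(src)  # reactive measure: block the source IP address
    return alerts, blocked

# Constructed "normal" traffic used for training: web and DNS only.
NORMAL = [("10.0.0.5", 443, b"hello")] * 80 + [("10.0.0.6", 53, b"query")] * 20

# Constructed traffic to inspect.
LIVE = [
    ("10.0.0.5", 443, b"hello"),                  # ordinary traffic
    ("198.51.100.7", 443, b"xxEVIL_MARKER_Axx"),  # known signature, normal port
    ("203.0.113.9", 4444, b"never-seen-before"),  # no signature, unusual port
]

if __name__ == "__main__":
    alerts, blocked = inspect(LIVE, learn_baseline(NORMAL))
    for src, reasons in alerts:
        print(src, reasons)
    print("blocked:", sorted(blocked))
```

The third record carries no known signature, so only the anomaly check catches it, while the second record uses a normal port and is caught only by its signature.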
