Unix - Intrusion Detection Basics

1. What Is Intrusion Detection?

Intrusion Detection is the process of monitoring systems and networks to detect unauthorized access, attacks, or policy violations.

An Intrusion Detection System (IDS):

  • Observes activity

  • Identifies suspicious behavior

  • Generates alerts (by itself it does not block; blocking is the job of an intrusion prevention system, IPS)


2. Purpose of Intrusion Detection

  • Detect hacking attempts

  • Identify malware activity

  • Monitor policy violations

  • Provide early warning of attacks

  • Support incident response and forensics


3. Intrusion Detection System (IDS)

An IDS is a security tool or software that:

  • Monitors traffic or system activity

  • Compares behavior against known attack patterns (signatures) or against a baseline of normal activity (anomaly detection)

  • Raises alerts when threats are detected


4. Types of Intrusion Detection Systems

1️⃣ Network-Based IDS (NIDS)

  • Monitors network traffic, usually copied from a mirror (SPAN) port or a network tap

  • Deployed at network choke points, such as the perimeter or the boundary between segments

  • Detects attacks that are visible on the wire, like:

    • Port scanning

    • DDoS and other flooding

    • Exploit payloads that match known signatures

  • Cannot see passive packet sniffing, which puts nothing on the wire; a NIDS only sees traffic the attacker actually sends

Examples:

  • Snort

  • Suricata
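
The two detection approaches from section 3 (matching known attack patterns, and comparing activity against a baseline) applied to the port-scanning case from section 4, as an added example that is not code from the page or from Snort/Suricata. It is a toy NIDS in Python: the signature patterns, the port-count threshold and window, and the sample packets are all constructed for the illustration, not real rules or real traffic.

```python
"""Toy NIDS: signature matching plus a port-scan baseline over sample packets.

Added example. Rules, thresholds and traffic are constructed, not real.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One observed packet; the minimum fields these two checks need."""
    ts: float        # capture time in seconds
    src: str         # source IP
    dst: str         # destination IP
    dport: int       # destination TCP port
    payload: bytes   # application data (empty for a bare SYN)


# Signature rules: byte patterns known to appear in attacks. Constructed for
# this example in the spirit of a Snort/Suricata "content" match; not real rules.
SIGNATURES = [
    ("shell path in HTTP request", b"/bin/sh"),
    ("directory traversal in request path", b"../../etc/passwd"),
]

# Baseline rule: this many distinct destination ports from one source inside
# the window is treated as a port scan. Assumed values; a real deployment tunes
# them against observed normal traffic.
SCAN_PORT_THRESHOLD = 10
SCAN_WINDOW_SECONDS = 5.0


def match_signatures(pkt):
    """Return the names of every signature whose pattern occurs in the payload."""
    return [name for name, pattern in SIGNATURES if pattern in pkt.payload]


def detect(packets):
    """Run both checks over packets in time order.

    Returns a list of (kind, src, detail) alerts, kind being "signature" or
    "portscan". Alerts only: an IDS reports, it does not drop the traffic.
    """
    alerts = []
    recent = defaultdict(list)   # src -> [(ts, dport), ...] inside the window
    flagged_scanners = set()     # one portscan alert per source, not per packet

    for pkt in sorted(packets, key=lambda p: p.ts):
        # 1. known-pattern check
        for name in match_signatures(pkt):
            alerts.append(("signature", pkt.src, name))

        # 2. baseline check: slide the window, then count distinct ports
        cutoff = pkt.ts - SCAN_WINDOW_SECONDS
        window = [(t, p) for t, p in recent[pkt.src] if t >= cutoff]
        window.append((pkt.ts, pkt.dport))
        recent[pkt.src] = window
        distinct_ports = {p for _, p in window}
        if len(distinct_ports) >= SCAN_PORT_THRESHOLD and pkt.src not in flagged_scanners:
            flagged_scanners.add(pkt.src)
            alerts.append(("portscan", pkt.src,
                           f"{len(distinct_ports)} ports in {SCAN_WINDOW_SECONDS:g}s"))
    return alerts


def sample_traffic():
    """Constructed packets (not a real capture) mixing benign and malicious activity."""
    pkts = []
    # benign client: many connections, but all to one port, so no scan alert
    for i in range(30):
        pkts.append(Packet(100.0 + i * 0.1, "10.0.0.5", "10.0.0.80", 443, b""))
    # scanner: one SYN to each of ports 20..31 within two seconds
    for i, port in enumerate(range(20, 32)):
        pkts.append(Packet(200.0 + i * 0.15, "192.0.2.9", "10.0.0.80", port, b""))
    # exploit attempt carrying a known pattern in its payload
    pkts.append(Packet(300.0, "198.51.100.7", "10.0.0.80", 80,
                       b"GET /cgi-bin/test.cgi?cmd=/bin/sh HTTP/1.1\r\n"))
    return pkts


if __name__ == "__main__":
    for kind, src, detail in detect(sample_traffic()):
        print(f"ALERT {kind:<9} src={src:<14} {detail}")
```

The benign client generates three times as many packets as the scanner yet raises nothing, because the baseline counts distinct ports rather than volume; the scanner is flagged on its tenth port and only once, which is the kind of de-duplication a real NIDS needs so that one scan does not produce hundreds of alerts.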