DEV Community

Ajibola jr.

Intrusion Detection System (IDS) and why a firewall alone won't save you from attacks

Let's talk about the Intrusion Detection System (IDS) and why a firewall alone isn't enough to protect you from attacks.

If a Firewall is the bouncer at your network's front door, an Intrusion Detection System (IDS) is the "digital Sherlock Holmes" inside the party. 🕵️‍♂️💻

Most people think a firewall is enough. It's not. Here’s why your network needs a nosy neighbour: 🧵

Think of it this way:
🧱 Firewall: Blocks or allows guests based on the list (IPs/Ports).
🔎 IDS: Watches everyone inside the party. It doesn't stop them, but if someone starts picking a lock or hiding in a closet, it screams for help.

It’s a surveillance camera, not a barrier.

There are two main types we study in my Cybersecurity MSc:
🌐 NIDS (Network-based): Scans all traffic flowing through the house.
🖥️ HIDS (Host-based): A private eye sitting on a single computer, watching for file changes/unauthorised logins.

Most robust systems use both to prevent blind spots.

How does it "see" threats?
1️⃣ Signature-based: Like a "Most Wanted" list. If traffic matches the signature of a known attack, the alarm rings.
2️⃣ Anomaly-based: It learns what "normal" behaviour looks like. If I usually log in at 9 AM and suddenly someone logs in as me at 3 AM from a new IP? Alert!
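
Both detection modes, sketched as an added example (not code from the original post): the signature list, the user name `alice`, the addresses and the login events are constructed, and the two-hour tolerance is an assumed threshold.

```python
import re
from collections import defaultdict
from datetime import datetime

# Signature-based: a "Most Wanted" list of known-bad patterns (constructed, illustrative).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s+1=1", re.I),
}

def signature_alerts(request_line):
    """Return the name of every signature that matches the request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request_line)]

class LoginBaseline:
    """Anomaly-based: learn each user's usual login hours and source IPs."""
    def __init__(self, hour_tolerance=2):  # assumed threshold, tune per environment
        self.hours = defaultdict(set)
        self.ips = defaultdict(set)
        self.tol = hour_tolerance

    def learn(self, user, ts, ip):
        self.hours[user].add(datetime.fromisoformat(ts).hour)
        self.ips[user].add(ip)

    def check(self, user, ts, ip):
        """Return the reasons this login deviates from the learned baseline."""
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        # Circular distance, so 23:00 and 01:00 count as two hours apart.
        near = any(min(abs(hour - h), 24 - abs(hour - h)) <= self.tol
                   for h in self.hours[user])
        if not near:
            reasons.append("unusual-hour")
        if ip not in self.ips[user]:
            reasons.append("new-source-ip")
        return reasons

# Constructed training data: a week of 9 AM logins from one address.
baseline = LoginBaseline()
for day in range(1, 8):
    baseline.learn("alice", f"2024-05-0{day}T09:0{day}:00", "203.0.113.10")

if __name__ == "__main__":
    print(baseline.check("alice", "2024-05-08T09:15:00", "203.0.113.10"))
    print(baseline.check("alice", "2024-05-09T03:00:00", "198.51.100.77"))
    print(signature_alerts("GET /download?file=../../etc/passwd"))
```

A legitimate late-night login from a hotel would raise the same two reasons, which is exactly where false positives come from.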

💡 The Pro Tip: If you want your IDS to actually do something, upgrade to an IPS (Intrusion Prevention System). It doesn't just bark; it bites (blocks the threat in real time).

Have you ever set up an IDS, e.g., Snort or Suricata? Let’s talk about the nightmare of false positives!👇