Now that we have a working firewall with most of the basic features set up, we are feeling pretty secure. Surely no malicious intruder could get past these defenses on our network. What if they did though? How would we know? What would we do?
These are questions that an Intrusion Detection System (IDS) tries to answer; it detects when things don't go entirely to plan in regards to network security and logs any suspicious activity that it recognizes, so that we can effectively deal with a security incident.
There are a variety of Intrusion Detection Systems in the market ranging from the enterprise-level managed-network monitoring solution to a simple on-the-host logging system. There is also a distinction between an Intrusion Prevention System (IPS) and an IDS. An IPS goes one better than the IDS and attempts to block an attack in progress whereas the IDS attempts to log the attack and optionally notify a responsible party to employ...