Thursday, November 6, 2008

Intro to IDS

introduction:
An intrusion detection system (IDS) is software or hardware designed to detect unwanted attempts at accessing, manipulating, or disabling computer systems, mainly through a network such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware, or disgruntled employees. An IDS cannot directly detect attacks carried inside properly encrypted traffic.

types of IDS
host-based intrusion detection system (HIDS)
These systems monitor all or part of the dynamic behavior and state of a computer system. The system is an agent that monitors whether anything or anyone - internal or external - has circumvented the security policy that the operating system tries to enforce.

application protocol-based intrusion detection system (APIDS)
This system is an intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system. A typical placement is between a web server and the database management system, monitoring the SQL protocol specific to the middleware/business logic as it interacts with the database.

network intrusion detection system (NIDS)
This system is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans, or even attempts to crack into computers by monitoring network traffic. The NIDS does this by reading all the incoming packets and trying to find suspicious patterns. Network intrusion detection systems work with other systems as well, for example updating some firewalls' blacklists with the IP addresses of computers used by (suspected) crackers. Certain DISA documentation, such as the Network STIG, uses the term NID to distinguish an internal IDS instance from its outward-facing counterpart.
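As an added illustration of the "read all packets, look for suspicious patterns" idea (this is example code written for this post, not part of the original), the following sliding-window detector flags a source that opens connection attempts to many distinct ports in a short time, and produces the list a NIDS would hand to a firewall blacklist. The thresholds, the packet record layout, and the addresses in the trace are all assumed/constructed; the IPs come from documentation ranges.

```python
"""Minimal NIDS-style port-scan detector over a constructed packet trace."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since epoch (assumed record layout)
    src: str
    dst: str
    dport: int
    syn_only: bool   # TCP SYN without ACK, i.e. a new connection attempt


# Detection thresholds: assumed values, tunable like any IDS rule.
WINDOW_SECONDS = 10.0
DISTINCT_PORT_THRESHOLD = 15


def detect_port_scans(packets, window=WINDOW_SECONDS, threshold=DISTINCT_PORT_THRESHOLD):
    """Return {src_ip: first_alert_ts} for sources that probed at least
    `threshold` distinct (dst, dport) targets within `window` seconds."""
    history = defaultdict(list)   # src -> list of (ts, (dst, dport)), oldest first
    alerts = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if not p.syn_only:        # only new connection attempts count as probes
            continue
        h = history[p.src]
        h.append((p.ts, (p.dst, p.dport)))
        while h and p.ts - h[0][0] > window:   # slide the window forward
            h.pop(0)
        distinct_targets = {target for _, target in h}
        if len(distinct_targets) >= threshold and p.src not in alerts:
            alerts[p.src] = p.ts  # record the moment the rule first fired
    return alerts


def build_blacklist(packets, **kw):
    """IPs a NIDS would push to a firewall blacklist, sorted for stable output."""
    return sorted(detect_port_scans(packets, **kw))


# Constructed trace: one host sweeping ports 1-20 in two seconds, one client
# making ordinary repeated HTTPS connections to the same port.
SAMPLE_TRACE = (
    [Packet(100.0 + i * 0.1, "203.0.113.7", "192.0.2.10", 1 + i, True) for i in range(20)]
    + [Packet(100.0 + i, "198.51.100.4", "192.0.2.10", 443, True) for i in range(20)]
)

if __name__ == "__main__":
    for ip, ts in detect_port_scans(SAMPLE_TRACE).items():
        print(f"ALERT port scan from {ip} at t={ts:.1f}")
```

The repeated client connections never trip the rule because they hit a single target, which is why the detector counts distinct targets rather than raw packets.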

protocol-based intrusion detection system (PIDS)
This system is an intrusion detection system which is typically installed on a web server and is used to monitor and analyze the protocol in use by the computing system. A typical use for a PIDS would be at the front end of a web server, monitoring the HTTP (or HTTPS) protocol stream. Because it understands the HTTP protocol relative to the web server/system it is trying to protect, it can offer greater protection than less in-depth techniques such as filtering by IP address or port number alone; however, this greater protection comes at the cost of increased computing load on the web server. Basically, this system monitors and analyzes the communication between a connected device and the system it is protecting.
