Intrusion Prevention and Intrusion Detection Systems
Intrusion prevention systems (IPSs) and intrusion detection systems (IDSs) are important considerations for any smart hacker. It is important for you, as a hacker, to cover your tracks and keep a low profile—as in no profile at all. It should be common sense, but consider this: If instead of tiptoeing around a network, you slam the network with ARP requests, ping sweeps, and port scans, how far do you think you’ll get? Exactly! Not far at all. IPSs and IDSs are network appliances put in place to catch the very activity that serves our purposes best. The key is to walk lightly, but still walk. First let’s familiarize ourselves with IPS and IDS basics; if you know how something works, you can also learn how to circumvent its defenses.
The goal of an IDS is to detect suspicious network activity; the key word is detect. An IDS is passive: it typically watches a copy of the traffic from a network tap or a switch mirror port, and when it sees something questionable it reacts only by notifying an administrator that something is wrong. Think of it as a burglar alarm. The alarm tells you a burglar is present, but it does not stop the burglar from breaking in and carrying your belongings away. The benefit of such a passive appliance is that it can catch potentially malicious network activity without affecting the operation of the network as a whole; even if the IDS fails or misfires, traffic still flows. The obvious drawback is that its only response is a notification, so someone (or some other system) has to act on the alert before any damage is limited. An IPS, on the other hand, is proactive and preventive: it sits inline in the traffic path, and when it senses potentially malicious activity it also takes steps to stop it, such as dropping the offending packets, resetting the connection, or blocking the source address for a period of time. The cost of that power is that a false positive on an IPS blocks legitimate traffic, which is why IPS signatures tend to be tuned more conservatively than IDS signatures.
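To make the IDS/IPS distinction concrete, here is an added example (not code from the original text or from any real IDS/IPS product) of a minimal port-scan detector run over constructed connection records. The record format, the hosts, the 60-second window, the ten-port threshold, and the names `sensor` and `build_sample` are all assumptions chosen for illustration. In IDS mode the detector only raises an alert and forwards every record; in IPS mode it also adds the scanning source to a block list and drops its later traffic. The sample also includes a slow scanner whose probes are spaced wider than the detection window, which is exactly the "walk lightly" behaviour the text recommends.

```python
"""Minimal port-scan sensor in IDS (alert-only) and IPS (alert-and-block) modes.

Added example, not from the original text. Record format and thresholds are
assumptions: each record is (timestamp_seconds, src_ip, dst_ip, dst_port).
"""
from collections import defaultdict, deque


def sensor(records, mode="ids", window=60.0, port_threshold=10):
    """Process connection records in time order and return
    (alerts, forwarded, dropped).

    mode="ids": every record is forwarded; detection only produces alerts.
    mode="ips": a source that trips the threshold is put on a block list and
                its subsequent records are dropped instead of forwarded.

    Detection rule (an assumed, deliberately simple one): a source that
    touches at least `port_threshold` distinct ports on one destination
    within `window` seconds is considered to be port scanning.
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")

    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dst_port)
    blocked = set()               # sources the IPS has decided to drop
    alerted = set()               # (src, dst) pairs already reported once
    alerts, forwarded, dropped = [], [], []

    for ts, src, dst, port in sorted(records):
        if src in blocked:        # only ever true in IPS mode
            dropped.append((ts, src, dst, port))
            continue

        # Both modes let the packet through at this point: even an inline IPS
        # has to see the traffic before it can decide anything about it.
        forwarded.append((ts, src, dst, port))

        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # expire entries outside the window
            q.popleft()

        distinct_ports = {p for _, p in q}
        if len(distinct_ports) >= port_threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"src": src, "dst": dst, "ts": ts,
                           "distinct_ports": len(distinct_ports)})
            if mode == "ips":
                blocked.add(src)  # the preventive step an IDS never takes

    return alerts, forwarded, dropped


def build_sample():
    """Constructed sample traffic (not captured data) against host 10.0.0.100."""
    recs = []
    # Legitimate workstation: a few ordinary ports spread over several minutes.
    for i, port in enumerate([80, 443, 443, 22, 80]):
        recs.append((i * 30.0, "10.0.0.5", "10.0.0.100", port))
    # Noisy scanner: 25 ports in about five seconds.
    for i in range(25):
        recs.append((100.0 + i * 0.2, "10.0.0.66", "10.0.0.100", 1 + i))
    # Slow scanner: the same 25 ports, one probe every 90 s (outside the window).
    for i in range(25):
        recs.append((1000.0 + i * 90.0, "10.0.0.77", "10.0.0.100", 1 + i))
    return recs


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, fwd, drop = sensor(build_sample(), mode=mode)
        print(f"{mode.upper()}: {len(alerts)} alert(s), "
              f"{len(fwd)} records forwarded, {len(drop)} dropped")
        for a in alerts:
            print(f"  scan from {a['src']} -> {a['dst']} at t={a['ts']:.1f}s "
                  f"({a['distinct_ports']} distinct ports)")
```

Running it shows the same single alert in both modes for the noisy scanner, but only the IPS drops its remaining 15 probes; the slow scanner never trips the rule in either mode because no 60-second window ever holds ten of its probes. Lowering the threshold or widening the window would catch it at the price of more false positives, which is the trade-off an IPS administrator has to make before letting a sensor block traffic.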