The Future of IDS

2005/11/15
An IDS (Intrusion Detection System) detects intrusive activity using pattern matching technology, which compares the collected information with known information about network intruders. The other way to detect intrusive data is anomaly checking. Anomaly checking builds a common description of the system's attributes, and the average values of the collected information are then compared with that description. If an average value falls outside the normal range, the IDS judges it to be intrusive.
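The two detection methods described above, sketched as an added example that is not part of the original article: pattern matching over request strings, and an average-rate check against a baseline description. The signatures, addresses, traffic and the three-standard-deviation threshold are all constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed signature base: attack name -> pattern seen in known attacks.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection": re.compile(r"union\s+select", re.I),
}
# Constructed baseline sample: requests per minute per source in normal operation.
NORMAL_RATES = [4, 5, 6, 5, 4, 6, 5, 5]

def make_events():
    """Constructed two-minute capture from four sources."""
    ev = [{"src": "10.0.0.5", "request": "GET /index.html"}] * 10
    ev += [{"src": "10.0.0.9", "request": "GET /index.html"}] * 9
    ev += [{"src": "10.0.0.9", "request": "GET /../../etc/passwd"}]
    ev += [{"src": "10.0.0.7", "request": "POST /login"}] * 40      # no signature exists
    ev += [{"src": "10.0.0.8", "request": "GET /backup.tar"}] * 30  # benign backup job
    return ev

def signature_alerts(events):
    """Pattern matching: report (source, signature) for each known pattern seen."""
    return sorted({(e["src"], name) for e in events
                   for name, pat in SIGNATURES.items() if pat.search(e["request"])})

def anomaly_alerts(events, normal_rates, minutes, k=3.0):
    """Anomaly check: report sources whose average rate leaves mean +/- k*stdev."""
    mu, sigma = mean(normal_rates), stdev(normal_rates)
    counts = {}
    for e in events:
        counts[e["src"]] = counts.get(e["src"], 0) + 1
    return sorted(src for src, n in counts.items()
                  if abs(n / minutes - mu) > k * sigma)

if __name__ == "__main__":
    events = make_events()
    print("signature:", signature_alerts(events))
    print("anomaly:  ", anomaly_alerts(events, NORMAL_RATES, minutes=2))
```

In this constructed capture the signature check reports only 10.0.0.9, while the rate check reports 10.0.0.7 and also the benign backup source 10.0.0.8.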
Although IDS is a key product in network security, it does not play a true role in and of itself. However, there exist many problems in the IDS use process:

- The preventive effect is not distinct. Even when IDS equipment is set up, data can still be lost and host computers can still be controlled by intruders because of its anomaly checking technology. If the vendor does not release the latest intrusion signatures, or if the vendor releases them but IDS users do not update their databases, new intrusive activity will not be detected.
- Many false reports. After an IDS is deployed, the number of reported intrusions increases. Network administrators will spend more time analyzing the reported attempts, but in the end there may be no intrusive activity at all, and the network administrators will have no reports to read.

For these reasons, IDS is not a mainstream product for networks and is mostly a complement to a firewall.

How to make use of the IDS?

- Update the vendor's intrusion signature database. If a customer purchases an IDS but does not keep up with new intrusion descriptions and there is no record, the IDS will not play its real role in blocking intrusions.
- Analyze the daily records of the IDS. Even though there is much wrong information in the records, they still have value. By analyzing the daily records, we can find weak links in a network and take preventive measures in advance. If a customer struggles with the daily records, they can detect an intrusion threat and its actions by viewing the suspicious-activity records produced by the IDS.

If a customer has not purchased an IDS, they should first consider whether the network needs one. Generally speaking, when a basic instrument such as a firewall exists and the system needs high security protection, they can purchase IDS equipment.

In all, IDS will exist for a long time and will play an important role in network security. It will be integrated into all kinds of network products and will become one part of a set of amalgamated network products.