Network Computing is part of the Informa Tech Division of Informa PLC


IDS Deconstructed

Two years ago Gartner sounded a death knell for IDSs, saying the technology would be obsolete by 2005. But someone forgot to forward the memo to IT buyers--the intrusion detection system is still very much alive.


Gartner's proclamation spawned valuable debate: Some vendors had touted the IDS (and subsequently the intrusion-prevention system) as a magic security wand--much like the firewall before it. That concept of the IDS is indeed dead--and good riddance. Security problems go wide and deep, and many defensive systems, policies and methods must be interwoven. But IDSs do have a place in your enterprise. We also have a plan for a do-it-yourself IDS (download our sample scripts for IDS use).

In essence, an IDS is like a toothless guard dog--it can tell us of possible threats but can't do anything about them on its own. Whether it uses statistical analysis, monitors a host's files or logs, or merely looks for known bad patterns amid the flow of network traffic, an IDS is a passive detection device. An IDS by itself, therefore, is good only for raising alerts. It can't stop the exploits it detects, identify weaknesses in systems before they are exploited, or cajole system administrators into fixing the lapses that leave you open to incidents. An IDS is best deployed as one cog in a layered defensive system.
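To make the three detection styles in the paragraph above concrete, here is a small passive IDS that runs each of them over constructed sample data: a signature match on packet payloads, a simple statistical threshold on per-source port activity, and a host-file integrity check against a recorded baseline. This is an added example, not the article's downloadable scripts; the packet-summary format, the signature names, the scan threshold and the file contents are all assumptions made for illustration. Note what the code does not do: nothing drops a packet or restores a file, so the output is only a list of alerts for a person or another system to act on.

```python
"""Toy passive IDS demonstrating signature, statistical and host-based
detection. Added example; data format, signatures and thresholds are
assumptions, not taken from the article."""
import hashlib
import re
from collections import defaultdict

# Constructed packet summaries: (src_ip, dst_ip, dst_port, payload).
SAMPLE_PACKETS = [
    ("10.0.0.5", "192.168.1.10", 80, "GET /index.html HTTP/1.0"),
    ("10.0.0.5", "192.168.1.10", 80, "GET /cgi-bin/../../etc/passwd HTTP/1.0"),
    ("10.0.0.9", "192.168.1.10", 22, "SSH-2.0-OpenSSH_3.9"),
    ("10.0.0.7", "192.168.1.10", 21, ""),
    ("10.0.0.7", "192.168.1.10", 22, ""),
    ("10.0.0.7", "192.168.1.10", 23, ""),
    ("10.0.0.7", "192.168.1.10", 25, ""),
    ("10.0.0.7", "192.168.1.10", 80, ""),
    ("10.0.0.7", "192.168.1.10", 443, ""),
]

# Signature-based detection: known-bad patterns in the payload (assumed set).
SIGNATURES = {
    "web-dir-traversal": re.compile(r"\.\./"),
    "web-etc-passwd": re.compile(r"/etc/passwd"),
}


def signature_alerts(packets):
    """One alert per (signature, packet) match; nothing is blocked."""
    alerts = []
    for src, dst, port, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append(("signature", name, src, dst, port))
    return alerts


def portscan_alerts(packets, threshold=5):
    """Statistical detection: a source touching more than `threshold`
    distinct ports on one destination is flagged as a probable port scan.
    The threshold is an assumption; tune it to the monitored network."""
    ports = defaultdict(set)
    for src, dst, port, _ in packets:
        ports[(src, dst)].add(port)
    return [("portscan", f"{len(p)} ports", src, dst, None)
            for (src, dst), p in sorted(ports.items()) if len(p) > threshold]


def baseline_of(files):
    """Record SHA-256 digests of file contents (dict path -> bytes)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def integrity_alerts(baseline, current):
    """Host-based detection: compare the current file set against the
    recorded baseline and report new, modified and deleted files."""
    alerts = []
    for path, data in current.items():
        digest = hashlib.sha256(data).hexdigest()
        if path not in baseline:
            alerts.append(("integrity", "new file", path, None, None))
        elif baseline[path] != digest:
            alerts.append(("integrity", "modified", path, None, None))
    for path in baseline:
        if path not in current:
            alerts.append(("integrity", "deleted", path, None, None))
    return alerts


# Constructed host snapshots: before and after an attacker adds a UID-0 account.
FILES_BEFORE = {
    "/etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
    "/bin/login": b"\x7fELF...original...",
}
FILES_AFTER = {
    "/etc/passwd": b"root:x:0:0::/root:/bin/sh\nhaxor:x:0:0::/:/bin/sh\n",
    "/bin/login": b"\x7fELF...original...",
}


def run_ids(packets=SAMPLE_PACKETS, before=FILES_BEFORE, after=FILES_AFTER):
    """Run all three detectors and return the combined alert list."""
    return (signature_alerts(packets)
            + portscan_alerts(packets)
            + integrity_alerts(baseline_of(before), after))


if __name__ == "__main__":
    for alert in run_ids():
        print(alert)
```

Against the sample data this yields four alerts: two signature hits on the traversal request, one port-scan alert for 10.0.0.7, and one modified-file alert for /etc/passwd. Each is only a notification; deciding to block the source, roll back the file or page an administrator is left to whatever the IDS feeds into.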
