Transcript
Cyberwire Host (0:02)
You're listening to the Cyberwire Network powered by N2K. When it comes to mobile application security, good enough is a risk. A recent survey shows that 72% of organizations reported at least one mobile application security incident last year and 92% of responders reported threat levels have increased in the past two years. Guardsquare delivers the highest level of security for your mobile apps without compromising performance, time to market or user experience. Discover how Guardsquare provides industry-leading security for your Android and iOS apps at www.guardsquare.com.
Rick Howard (0:57)
The word is intrusion detection. Spelled: intrusion as in unwanted entry, detection as in identifying the presence of something, and system as in a technology for a specific purpose.
Definition: A system that monitors for malicious or unwanted activity and either raises alerts when such activity is detected or blocks the traffic from passing to the target.
Example sentence: The intrusion detection system flagged malicious use of Cobalt Strike.
Origin and context: Dr. Dorothy Denning is one of the early computer science and security pioneers. According to Purdue University, where she received her PhD, Denning's early research in the 1970s and 1980s laid the early foundations of cryptology, information warfare and data security. She published one of the early college textbooks on cybersecurity in 1982 and she invented the idea of lattice-based access controls, an early model for restricting access to data, in 1975. But in 1984 she and a colleague, Peter Neumann, developed the first intrusion detection expert system for SRI International, which could analyze host and network data. Two years later, in 1986, she published her paper An Intrusion Detection Model, which laid the foundation for the first commercial intrusion detection tools.
Today, intrusion detection systems can be either host-based or network-based and look for malicious intrusions either with known signatures or by looking for anomalies. A host-based IDS is placed on a single system and its purview is restricted to a single computer. A network-based IDS inspects traffic traversing across the entire network. In the early 1990s, network intrusion detection systems were standalone hardware boxes that security practitioners placed in the security stack that normally sat between the user and the Internet. Today, standalone systems still exist, but also modern firewalls have that functionality built in as an added subscription service.
Intrusion detection systems have been a staple of security stack deployments since the early days, but unfortunately they're not perfect. Configured improperly, they can generate volumes of false positives that SOC analysts have to sift through, and there is always the possibility that the system doesn't notice an attack in progress, a false negative, as they say.
Nerd reference: There is an excellent YouTube channel called Professor Messer that produces quality and free content that explains all things related to IT and computer security. If you're studying for some certification, browsing the shows on the Professor Messer channel might well be worth your time. In 2017, James Messer, the host, did a segment on intrusion detection systems.