Implementing information security requires a balance between usability and control. Certain types of traffic must be allowed through a firewall policy to enable critical functionality, e.g. HTTP to your web server. Many threats travel inside these "trusted" protocols, which largely negates the effectiveness of a firewall-only security solution.
An intrusion detection system is used to detect malicious behavior inside those permitted services that could compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses and worms).
Intrusion detection systems generally function in either a passive or a reactive capacity. A passive Intrusion Detection System (IDS) monitors a copy of the traffic through its network sensors (typically fed from a switch SPAN port or a network tap) and reports on any suspicious or malicious traffic it identifies; because it only sees a copy, it cannot stop that traffic. A reactive Intrusion Prevention System (IPS) sits inline on the traffic path, so it not only identifies and logs suspicious or malicious traffic but also prevents it from going any further by dropping or rejecting the connection, much as a firewall would. The trade-off is that an inline IPS adds latency and a false positive blocks legitimate traffic, so signatures should be tuned in alert-only mode before drop actions are enabled.
Although modern firewall systems may include IDS/IPS functionality as part of their Unified Threat Management (UTM) capabilities, it is often beneficial or necessary to deploy dedicated systems for this function, especially to detect traffic that originates inside the firewalled networks and never crosses the perimeter firewall (for example an infected host probing its neighbours).
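To make the passive/reactive distinction concrete, here is a small signature-matching sensor written as an added illustration for this page; it is not Cutecra's code nor any product's rule engine. The rule format, the rule IDs and the four sample packets are all constructed for the example. In "passive" mode every packet is forwarded and matches are only logged (what an IDS on a tap can do); in "inline" mode a matching rule with a drop action changes the verdict (what an IPS on the path does). The last sample packet is internal-to-internal Telnet that would never reach a perimeter firewall, the case the paragraph above describes.

```python
"""Minimal signature-based IDS/IPS sensor (illustrative only).

Rule format, rule IDs (sid) and the traffic sample are constructed for
this example; they are not a real product's syntax or real captures.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Rule:
    sid: int                        # hypothetical rule id
    msg: str                        # human-readable alert text
    dport: int                      # destination port (0 = any port)
    pattern: Optional[re.Pattern]   # regex over payload; None = match any
    action: str                     # "alert" (log only) or "drop"


# Constructed rule set: two HTTP content signatures and one port-based rule.
RULES = [
    Rule(1000001, "HTTP path traversal attempt", 80,
         re.compile(rb"\.\./"), "drop"),
    Rule(1000002, "HTTP SQL injection probe", 80,
         re.compile(rb"(?i)union\s+select"), "drop"),
    Rule(1000003, "Telnet to internal host", 23, None, "alert"),
]


@dataclass
class Sensor:
    mode: str                                   # "passive" (IDS) or "inline" (IPS)
    log: List[str] = field(default_factory=list)

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'pass' or 'drop'.

        Every matching rule is logged regardless of mode. Only an inline
        sensor can turn a 'drop' rule into an actual drop; a passive sensor
        sees a copy of the traffic and can do nothing but report.
        """
        verdict = "pass"
        for rule in RULES:
            if rule.dport not in (0, pkt.dport):
                continue
            if rule.pattern is not None and not rule.pattern.search(pkt.payload):
                continue
            self.log.append(
                f"[sid {rule.sid}] {rule.msg} {pkt.src} -> {pkt.dst}:{pkt.dport}"
            )
            if self.mode == "inline" and rule.action == "drop":
                verdict = "drop"
        return verdict


# Constructed sample traffic (documentation address ranges, not real hosts).
TRAFFIC = [
    Packet("203.0.113.10", "192.0.2.80", 80,
           b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),          # benign
    Packet("203.0.113.10", "192.0.2.80", 80,
           b"GET /../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),    # traversal
    Packet("203.0.113.11", "192.0.2.80", 80,
           b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n\r\n"),
    Packet("192.0.2.50", "192.0.2.60", 23, b"\xff\xfb\x01"),            # internal telnet
]


def run(mode: str) -> Tuple[List[str], List[str]]:
    """Run the sample traffic through a sensor in the given mode.

    Returns (verdict per packet, alert log).
    """
    sensor = Sensor(mode)
    verdicts = [sensor.inspect(p) for p in TRAFFIC]
    return verdicts, sensor.log


if __name__ == "__main__":
    for mode in ("passive", "inline"):
        verdicts, log = run(mode)
        print(f"{mode}: verdicts={verdicts}")
        for line in log:
            print("   ", line)
```

Both modes produce the same three alerts; only the inline sensor actually drops the two HTTP attacks, and the Telnet rule stays at "alert" in either mode because its action is alert-only. Running in passive mode first and reviewing the log is the cheap way to find false positives before switching a rule to drop.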
Cutecra are experts in the provision, integration, support and management of IDS/IPS systems. Cutecra recommend the following IDS/IPS solutions: