“Chishiki” is Japanese for “knowledge.” e-chishiki.com aims to bring software developers, information security professionals, IT executives and other IT pros a rich body of knowledge in the form of articles, interviews, tutorials and technical discussions. Our contributors are among the biggest names in the Indian IT industry and include noted authors, educators and practitioners.
Weekly e-Security Series - Web Application Security
Is an IDS Implementation Effective in Tackling Web Attacks?
Vijay Mukhi
Index
- Evolution of Intrusion Detection Systems (IDS)
- Snort
- IDS Fails with Web Application Attacks
- Need of the Hour: A Complete Makeover for IDS
Evolution of Intrusion Detection Systems (IDS)
An IDS checks its database of signatures/rules and alerts a company to any incoming attack on its networks. This concept was introduced in the early days of the Internet, when attackers targeted loopholes in the design of networking protocols such as IP, TCP, ICMP and UDP, and flaws in operating systems. Attacks like buffer overflows, SYN flooding and Denial of Service were rampant then. The basic design of an IDS was simply to raise an alarm when it detected an attack on company networks and operating systems at the lower level.
Over time, as the loopholes in operating systems were patched, the line of attack moved towards the business layer. The new genre of attacks targets applications that are web-based or use the HTTP protocol, a protocol quite high up in the protocol stack. It goes without saying that with the change in the attack vector, the existing IDS rules had to be rewritten and new signatures and patterns had to be introduced. The net result was that the IDS evolved into a product completely different from its original design.



