What is the Intrusion Detection System?
We have set up an Intrusion Detection System (IDS) at the external border router of SEASnet to monitor incoming network traffic for network-based attacks. VoIP, Skirkanich and all outgoing traffic are excluded from the initial rollout, but will be added over time. No traffic will be blocked or slowed by this service. The IDS will help us identify compromised computers and accounts on our network.
The IDS looks for specific network traffic patterns associated with known vulnerabilities, using a customized version of Snort. During an initial test, the IDS identified 2 compromised accounts right away.
If we find a compromised account or computer, the IDS will record traffic associated with the network stream so we can replay the attack. The IDS will only record traffic associated with attacks. We will avoid looking at personal data belonging to any SEAS people except as necessary to protect other people from attack.
The IDS only detects attacks; it does not block them. Do not assume that it will protect unpatched computers or services. You should continue to take precautions in securing your computer systems.
For more information about the software, see www.snort.org.