Monday, September 30, 2013

What is Intrusion Detection?

Intrusion Detection can be defined as "the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource." More specifically, the goal of intrusion detection is to identify entities attempting to subvert in-place security controls.

Network Based (Network IDS)
Network based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior based solely on network traffic. A network IDS collects the packets that traverse a given network through a network tap, SPAN port, or hub. From the captured data, the IDS processes and flags any suspicious traffic. Unlike an intrusion prevention system, an intrusion detection system does not actively block network traffic. The role of a network IDS is passive: it only gathers, identifies, logs and alerts.

Host Based (HIDS)
Often referred to as HIDS, host based intrusion detection attempts to identify unauthorized, illicit, and anomalous behavior on a specific device. HIDS generally involves an agent installed on each system that monitors and alerts on local OS and application activity. The installed agent uses a combination of signatures, rules, and heuristics to identify unauthorized activity. The role of a host IDS is passive: it only gathers, identifies, logs, and alerts.

Physical (Physical IDS)
Physical intrusion detection is the act of identifying threats to physical systems. It is most often seen as physical controls put in place to ensure CIA (confidentiality, integrity and availability). In many cases physical intrusion detection systems act as prevention systems as well. Examples of physical intrusion detection are:
  • Security Guards
  • Security Cameras
  • Access Control Systems (Card, Biometric)
  • Firewalls
  • Man Traps
  • Motion Sensors
Intrusion Prevention
Intrusion prevention follows the same process of gathering and identifying data and behavior, with the added ability to block (prevent) the activity. This can be done with Network, Host, and Physical intrusion detection systems.
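To make the distinction between the passive network IDS described above and an intrusion prevention system concrete, here is an added example (not code from the original post) of a toy sensor: it runs the same signature rules and a simple port-sweep heuristic over a constructed stream of packet summaries, and the only difference between the IDS and IPS classes is whether a fired rule can block the packet. The packet records, rule patterns, class and function names, and the threshold of five ports are all assumptions made for the illustration, not real vendor signatures.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A constructed, simplified packet summary (no real capture involved)."""
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# Signature rules: each maps a rule name to a predicate on one packet.
# The patterns are illustrative placeholders, not real vendor signatures.
SIGNATURES = {
    "cleartext-telnet": lambda p: p.dport == 23,
    "directory-traversal-string": lambda p: b"../.." in p.payload,
}


class PassiveIDS:
    """Gathers, identifies, logs and alerts; never blocks (the IDS role)."""

    def __init__(self, scan_threshold: int = 5):
        self.scan_threshold = scan_threshold  # heuristic: distinct ports per (src, dst)
        self.ports_seen = defaultdict(set)
        self.scan_alerted = set()
        self.alerts = []  # log of (rule, src, dst, dport)
        self.packets_seen = 0

    def inspect(self, pkt: Packet) -> list:
        """Return the rule names fired by this packet and record alerts."""
        self.packets_seen += 1
        fired = [name for name, match in SIGNATURES.items() if match(pkt)]
        # Heuristic: one source touching many distinct ports on one host.
        key = (pkt.src, pkt.dst)
        self.ports_seen[key].add(pkt.dport)
        if len(self.ports_seen[key]) >= self.scan_threshold and key not in self.scan_alerted:
            self.scan_alerted.add(key)  # alert once per pair, not on every packet
            fired.append("port-sweep-heuristic")
        for name in fired:
            self.alerts.append((name, pkt.src, pkt.dst, pkt.dport))
        return fired

    def forward(self, pkt: Packet) -> bool:
        """An IDS sees a copy of traffic (tap/SPAN): the packet always passes."""
        self.inspect(pkt)
        return True


class InlineIPS(PassiveIDS):
    """Same gathering and identification, sitting inline, with the ability to block."""

    def forward(self, pkt: Packet) -> bool:
        return not self.inspect(pkt)  # drop the packet when any rule fires


# Constructed sample traffic: normal HTTPS, a telnet connection, an HTTP request
# carrying a traversal string, and one host probing five ports on a server.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.20", 443, b"GET / HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.20", 23, b""),
    Packet("10.0.0.9", "10.0.0.20", 80, b"GET /../../etc HTTP/1.1"),
] + [Packet("10.0.0.7", "10.0.0.20", port) for port in (21, 22, 25, 110, 143)]


def run(sensor: PassiveIDS, traffic=SAMPLE_TRAFFIC):
    """Feed traffic through the sensor; return (packets passed, fired rule names)."""
    passed = sum(1 for pkt in traffic if sensor.forward(pkt))
    return passed, [alert[0] for alert in sensor.alerts]


if __name__ == "__main__":
    for cls in (PassiveIDS, InlineIPS):
        passed, alerts = run(cls())
        print(f"{cls.__name__}: {passed}/{len(SAMPLE_TRAFFIC)} packets passed, alerts={alerts}")
```

Both sensors produce the same three alerts over the sample; the IDS passes all eight packets and leaves the response to an analyst, while the IPS drops the three that fired a rule. The port-sweep rule alerts only once per source/destination pair, which is the kind of de-duplication a real sensor needs to keep its alert log usable.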

Wednesday, September 25, 2013

How to boost your malware defense and protect your PC

Install antivirus and antispyware programs from a trusted source
  • Never download anything in response to a warning from a program you didn't install or don't recognize that claims it will protect your PC or offers to remove viruses. It is highly likely to do the opposite.
  • Get reputable anti-malware programs from a vendor you trust.
  • Windows 8 includes antivirus protection called Windows Defender. It's turned on by default.
  • If your computer is not running Windows 8, download Microsoft Security Essentials for free.
  • Choose security software that is compatible with Windows 7.
Update software regularly
Cybercriminals are endlessly inventive in their efforts to exploit vulnerabilities in software, and many software companies work tirelessly to combat these threats. That is why you should:
  • Regularly install updates for all your software: antivirus and antispyware programs, browsers (like Windows Internet Explorer), operating systems (like Windows), and word processing and other programs.
  • Subscribe to automatic software updates whenever they are offered; for example, you can automatically update all Microsoft software. Windows 8 and Windows 7 turn on automatic updating during installation.
  • Uninstall software that you don't use. You can remove it using Windows Control Panel.
Use strong passwords and keep them secret
  • Strong passwords are at least 14 characters long and include a combination of letters, numbers, and symbols. 
  • Don't share passwords with anyone. 
  • Don’t use the same password on all sites. If it is stolen, all the information it protects is at risk. 
  • Create different strong passwords for the router and the wireless key of your wireless connection at home. Find out how from the company that provides your router. 
  • Use our password checker. 
Never turn off your firewall
  • A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.
Use flash drives cautiously
Minimize the chance that you'll infect your computer with malware:
  • Don't put an unknown flash (or thumb) drive into your PC.
  • Hold down the SHIFT key when you insert the drive into your computer. If you forget to do this, click in the upper-right corner to close any flash drive-related pop-up windows.
  • Don't open any files on your drive that you did not expect to see.
Don't be tricked into downloading malware
Instead, follow this advice:
  • Be very cautious about opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook), even if you know the sender. Call to ask if a friend sent it; if not, delete it or close the IM window.
  • Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. Instead, press CTRL + F4 on your keyboard to close the window.
  • If the window doesn't close, press ALT + F4 on your keyboard to close the browser. If asked, close all tabs and don't save any tabs for the next time you start the browser.
  • Only download software from websites you trust. Be cautious of "free" offers of music, games, videos, and the like. They are notorious for including malware in the download.
  • Take advantage of technology such as Windows SmartScreen in Windows 8, designed to help protect you from phishing scams and new malware that your anti-malware software hasn't detected yet.

Watch out for fake virus alerts

Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.

How does rogue security software get on my computer?
Rogue security software designers create legitimate-looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web.
The "updates" or "alerts" in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.
Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to check that a product comes from a vendor you trust before installing it.

What does rogue security software do?
Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Conversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.

Some rogue security software might also:
  • Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
  • Use social engineering to steal your personal information.
  • Install malware that can go undetected as it steals your data.
  • Launch pop-up windows with false or misleading alerts.
  • Slow your computer or corrupt files.
  • Disable Windows updates or disable updates to legitimate antivirus software.
  • Prevent you from visiting antivirus vendor websites.
  • Attempt to spoof the Microsoft security update process.
To help protect yourself from rogue security software:
  • Install a firewall and keep it turned on.
  • Use automatic updating to keep your operating system and software up to date.
  • Install antivirus and antispyware software and keep it updated. Windows 8 includes antivirus protection that’s turned on by default. If your computer isn’t running Windows 8, download Microsoft Security Essentials for free.
  • Use caution when you click links in email or on social networking websites.
  • Use a standard user account instead of an administrator account.
  • Familiarize yourself with common phishing scams.