The Disadvantages of Intrusion Detection Systems

By Lynn Rademacher

As companies continue to increase their use of the Internet for business, the occurrences of IT intrusions will increase. These intrusions are known as security breaches, and they result in the loss of proprietary information if the breach is able to reach sensitive company information. The installation of intrusion detection software is the first line of defense for most companies. While intrusion detection software can help with network security, the software has a few disadvantages.

Source Addresses

Intrusion detection software reports information based on the network address carried in each IP packet that is sent into the network. This is beneficial if the network address contained in the IP packet is accurate. However, the address contained in the IP packet could be faked or scrambled. Either scenario leaves the IT technician chasing ghosts, unable to stop the intrusions into the network from taking place.
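A defender can at least flag alerts whose source address cannot be what it claims before acting on it. The following is an added example, not part of the original article; the internal prefix, interface labels and alert records are constructed assumptions.

```python
import ipaddress

# Assumption: the monitored site's own address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def classify_source(src, iface):
    """Label an alert's source address.

    iface is "external" or "internal": the side of the sensor the packet arrived on.
    "plausible" only means the address is not provably wrong; it can still be forged.
    """
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "malformed"
    inside = any(ip in net for net in INTERNAL_NETS)
    if iface == "external":
        if inside:
            return "spoofed-internal"      # our own prefix cannot arrive from outside
        if not ip.is_global or ip.is_multicast:
            return "non-routable"          # private, loopback, reserved, multicast
        return "plausible"
    return "plausible" if inside else "foreign-on-internal"

# Constructed sample alerts: (signature, source address, arrival interface).
ALERTS = [
    ("port-scan", "8.8.8.8", "external"),
    ("smb-probe", "10.20.4.17", "external"),
    ("syn-flood", "192.168.1.5", "external"),
    ("dns-anomaly", "10.20.9.3", "internal"),
    ("beacon", "172.16.0.9", "internal"),
    ("bad-record", "999.1.1.1", "external"),
]

def triage(alerts):
    """Split alerts into those with a usable source and those without one."""
    usable, suspect = [], []
    for sig, src, iface in alerts:
        label = classify_source(src, iface)
        (usable if label == "plausible" else suspect).append((sig, src, label))
    return usable, suspect

if __name__ == "__main__":
    usable, suspect = triage(ALERTS)
    for sig, src, label in suspect:
        print(f"{sig:12} {src:15} do not attribute or block on source: {label}")
```

Alerts in the suspect list should be investigated by interface, time and payload rather than by the reported address.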

Encrypted Packets

Encrypted packets are not processed by the intrusion detection software. An encrypted packet can therefore allow an intrusion into the network that goes undiscovered until more significant network intrusions have occurred. Encrypted packets can also be set to be activated at a specific time or date once they have been planted in the network. This could release a virus or other software bug, which could be avoided if the intrusion detection software were able to process encrypted packets.

Analytical Module

The analytical module has a limited ability to analyze the source information that is collected during intrusion detection. As a result of this limit, only a portion of the source information is buffered. While an IT professional monitoring the system will be alerted that abnormal behavior has been detected, they won't be able to tell where the behavior originated. The only possible response to this information is to try to stop the unauthorized network access. If more information could be obtained, the IT professional could take a defensive approach and prevent future intrusions before they occur.

False Alarms

Intrusion detection systems are able to detect behavior that is not normal for average network usage. While it's good to be able to detect abnormal network usage, the disadvantage is that the intrusion detection software can create a large number of false alarms. The number of false alarms increases on networks with a large number of users. To avoid chasing after these false alarms, IT professionals must receive extensive training so that they can recognize what is a false alarm and what isn't. The expense of this training is another disadvantage of intrusion detection software that companies must deal with.