Location and Operation of IDS Systems

More recently, most IDS systems function by network monitoring. Points of a network are chosen where security measures need to be audited or attacks are likely to occur.
- In front of or behind firewall points
- On a network with central servers, mainframes, databases
- Near a bunch of pesky programmers

Other IDS systems work at a host level, monitoring user activity and looking for unauthorized or strange behavior. This requires that a user is on the host, which may be too late in some cases.

More recently, most IDS systems function by network monitoring. Points of a network are chosen where security measures need to be audited or attacks are likely to occur.