One side of computer security is keeping people from getting unauthorized access: choosing good passwords, patching software to protect against known exploits, etc. Beyond that baseline, intrusion detection systems (IDS) become an important way of detecting and mitigating attacks. These systems monitor the activity of a computer system or account and produce some sort of alert when suspicious activity is ongoing.
For example, GMail includes a rudimentary IDS. It allows users to check whether anyone is logged into their account from another location. If you check the list and see only your home IP address and your phone, everything is probably fine. If some random IP address from Berlin or Mumbai or Tokyo is on there, someone has probably compromised your account.
IDS can be much more sophisticated than this. While GMail calls upon the user to keep an eye on things manually, automated systems can flag suspicious activity and produce warnings. A classic example would be a computer in a distant country accessing your GMail via POP3 and starting to download the entire contents of your archive. That is super suspicious and – if you are someone like Sarah Palin – potentially career-ending.
The same goes, naturally, for a situation where some random army private starts accessing and downloading thousands of diplomatic cables. Say what you will about the ethics of Wikileaks, but from a computer security perspective there should have been an IDS that spotted that aberrant pattern.
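As an added illustration (not code from the original post), the following Python sketch runs the two checks described above over a constructed account-activity log: a login from a location outside the user's usual set, and a bulk mailbox download (many message fetches from one source in a short window). The log format, the IP addresses, the "home"/"phone"/"berlin" location labels, the per-user list of known locations and the 50-messages-in-5-minutes threshold are all assumptions made for the example; a real deployment would build the known-location baseline from the account's own history and tune the threshold to normal client behaviour.

```python
"""Toy intrusion-detection pass over a constructed account-activity log.

Flags two patterns: a login from an unfamiliar location, and a bulk
download (many message fetches from one source inside a short window).
Log lines are assumed to be chronological and of the form:
    <ISO timestamp> <user> <source IP> <location label> <event>
"""
from collections import deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample data: normal home/phone use, then a burst of
    60 fetches in two minutes from an unfamiliar 'berlin' source."""
    lines = [
        "2011-01-05T08:00:01 alice 203.0.113.10 home login",
        "2011-01-05T08:00:05 alice 203.0.113.10 home fetch_message",
        "2011-01-05T08:00:09 alice 203.0.113.10 home fetch_message",
        "2011-01-05T09:12:40 alice 198.51.100.7 phone login",
        "2011-01-05T22:30:00 alice 192.0.2.55 berlin login",
    ]
    start = datetime(2011, 1, 5, 22, 30, 2)
    for i in range(60):
        ts = start + timedelta(seconds=2 * i)
        lines.append(f"{ts.isoformat()} alice 192.0.2.55 berlin fetch_message")
    return "\n".join(lines)


def parse_log(text):
    """Parse the whitespace-separated log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, location, event = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": user,
            "ip": ip,
            "location": location,
            "event": event,
        })
    return events


def detect(events, known_locations, window=timedelta(minutes=5), bulk_threshold=50):
    """Return a list of alert tuples.

    known_locations: {user: set of location labels seen in normal use}
    window / bulk_threshold: fetches per (user, ip) inside the sliding
    window at which a bulk-download alert is raised (once per source).
    """
    alerts = []
    recent = {}          # (user, ip) -> deque of fetch timestamps in window
    bulk_flagged = set()  # sources already reported, to avoid repeat alerts

    for ev in events:
        key = (ev["user"], ev["ip"])
        usual = known_locations.get(ev["user"], set())

        if ev["event"] == "login" and ev["location"] not in usual:
            alerts.append(("unfamiliar_login", ev["user"], ev["ip"], ev["location"]))

        elif ev["event"] == "fetch_message":
            q = recent.setdefault(key, deque())
            q.append(ev["ts"])
            # Drop fetches that have aged out of the sliding window.
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= bulk_threshold and key not in bulk_flagged:
                bulk_flagged.add(key)
                alerts.append(("bulk_download", ev["user"], ev["ip"], len(q)))

    return alerts


def run_demo():
    """Run the checks over the constructed log; returns the alert list."""
    known = {"alice": {"home", "phone"}}  # assumed baseline for the example
    return detect(parse_log(build_sample_log()), known)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Running the script prints one `unfamiliar_login` alert when the Berlin source signs in and one `bulk_download` alert as soon as that source's fetch count reaches the threshold inside the window; the two home fetches never come near it. The sliding-window deque is what keeps the bulk check cheap enough to run inline on every event rather than as a periodic batch query.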
Attackers keep getting more sophisticated and their attacks keep improving. As a consequence, those who want to defend computer systems must keep raising their own game by implementing more sophisticated security strategies. Deploying IDS both on personal computers and within cloud services like GMail is one way in which people can become aware of breaches in time to stop them from becoming too severe. It’s never comfortable to learn that you are dealing with an intruder, but it is much better to have that awareness than to continue blindly forward while they persist in nefarious activities.
P.S. Does anyone know of a good IDS for Macs? Given how many people are on always-on internet connections these days, and given that all operating systems have security flaws that take time to fix, operating an IDS on one’s personal computer is probably a good security trade-off. Indeed, I am planning to set up a second system unconnected to the internet, next time I buy a new desktop machine. It is axiomatic that any computer connected to the internet is vulnerable.