Tuesday, January 5, 2010

Functions of Intrusion Detection and Prevention Systems

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Incidents have many causes, such as malware (e.g., worms, spyware), attackers gaining unauthorized access to systems from the Internet, and authorized users of systems who misuse their privileges or attempt to gain additional privileges for which they are not authorized.

Although many incidents are malicious in nature, many others are not; for example, a user could enter an incorrect address of a system and accidentally attempt to connect to a different system without authorization.

An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) has all the capabilities of an IDS and can also attempt to stop possible incidents; to do that it has to sit in the path of the activity it judges (inline on the network, or hooked into the host), whereas a detection-only sensor can work from a passive copy of the traffic or logs. Because IDS and IPS share most of their capabilities, for brevity this page refers to them collectively as intrusion detection and prevention systems (IDPS).

An IDPS identifies possible incidents, logs information about them, attempts to stop them (the prevention step that sets an IPS apart), and produces reports for security administrators. These systems also help organizations identify problems with their security policies, document threats, and deter individuals from violating policy. The prevention step carries a cost the detection step does not: a false positive in a detection-only system is a wasted analyst ticket, while the same false positive in an IPS blocks legitimate activity, so blocking thresholds and exemptions need tuning against benign cases like the mistyped address described above.
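As an added illustration (not code from the original post), the following Python exercises the four functions above over a handful of constructed SSH-style auth log lines: it identifies suspicious events with a signature rule and a threshold rule, logs alerts, stops the offending source only when run in "prevent" mode, and produces a summary report. The log format, rule names and the five-failure threshold are assumptions chosen for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed SSH-style auth log lines (not captured from any real system).
# 203.0.113.7 hammers nonexistent accounts; alice mistypes her password once
# and then logs in (the benign case from the text); bob logs in cleanly.
SAMPLE_LOG = """\
Jan  5 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 4001 ssh2
Jan  5 10:00:02 host sshd[102]: Failed password for invalid user root from 203.0.113.7 port 4002 ssh2
Jan  5 10:00:03 host sshd[103]: Failed password for invalid user test from 203.0.113.7 port 4003 ssh2
Jan  5 10:00:04 host sshd[104]: Failed password for invalid user oracle from 203.0.113.7 port 4004 ssh2
Jan  5 10:00:05 host sshd[105]: Failed password for invalid user guest from 203.0.113.7 port 4005 ssh2
Jan  5 10:00:06 host sshd[106]: Failed password for invalid user postgres from 203.0.113.7 port 4006 ssh2
Jan  5 10:00:09 host sshd[107]: Failed password for alice from 198.51.100.23 port 50012 ssh2
Jan  5 10:00:15 host sshd[108]: Accepted password for alice from 198.51.100.23 port 50013 ssh2
Jan  5 10:01:00 host sshd[109]: Accepted publickey for bob from 192.0.2.44 port 33000 ssh2
"""

# Assumed log layout for this example; real sshd lines vary by platform and version.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass
class Alert:
    severity: str
    rule: str
    src: str
    detail: str


@dataclass
class Idps:
    """Tiny IDPS: 'detect' mode behaves like an IDS, 'prevent' mode like an IPS."""
    mode: str = "detect"
    fail_threshold: int = 5          # failures from one source before it is called brute force
    alerts: list = field(default_factory=list)
    blocked: set = field(default_factory=set)
    dropped: int = 0
    _failures: Counter = field(default_factory=Counter)

    def __post_init__(self):
        if self.mode not in ("detect", "prevent"):
            raise ValueError(f"unknown mode {self.mode!r}")

    def _alert(self, severity, rule, src, detail):
        # "log information about them": every detection is recorded, whatever the mode
        self.alerts.append(Alert(severity, rule, src, detail))

    def process(self, line):
        """Return what happened to one event: 'unparsed', 'dropped', 'blocked' or 'allowed'."""
        m = LINE_RE.match(line)
        if m is None:
            return "unparsed"
        ev = m.groupdict()
        src = ev["src"]
        if src in self.blocked:                 # IPS enforcement: source was blocked earlier
            self.dropped += 1
            return "dropped"
        if ev["invalid"]:                       # signature rule: login to an account that does not exist
            self._alert("low", "nonexistent-account-login", src, f"user {ev['user']!r}")
        if ev["outcome"] == "Accepted":
            self._failures[src] = 0             # a success clears the failure streak
            return "allowed"
        self._failures[src] += 1                # threshold rule: repeated failures from one source
        if self._failures[src] == self.fail_threshold:
            self._alert("high", "auth-bruteforce", src, f"{self.fail_threshold} failures")
            if self.mode == "prevent":          # only an IPS acts on the alert
                self.blocked.add(src)
                return "blocked"
        return "allowed"

    def report(self):
        """Summary a security administrator would read."""
        return {
            "mode": self.mode,
            "alerts": len(self.alerts),
            "by_severity": dict(Counter(a.severity for a in self.alerts)),
            "sources": sorted({a.src for a in self.alerts}),
            "blocked": sorted(self.blocked),
            "dropped_events": self.dropped,
        }


def run(mode, log=SAMPLE_LOG):
    """Feed every line of the log through a fresh engine and return it for inspection."""
    engine = Idps(mode=mode)
    for line in log.splitlines():
        if line.strip():
            engine.process(line)
    return engine


if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        print(run(mode).report())
```

Running both modes over the same input makes the IDS/IPS difference concrete: in "detect" mode the attacker's sixth attempt is still seen and alerted on, while in "prevent" mode it is dropped because the source was blocked at the fifth failure. Alice's single mistyped password never reaches the threshold and raises nothing, which is the behaviour you want from the tuning; lower the threshold to 1 and the prevent mode would lock her out, the false-positive cost discussed above.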
