intrusion detection
SearchMidmarketSecurity.com Definitions (Powered by WhatIs.com)


DEFINITION - Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.

Intrusion detection functions include:

  • Monitoring and analyzing both user and system activities
  • Analyzing system configurations and vulnerabilities
  • Assessing system and file integrity
  • Ability to recognize patterns typical of attacks
  • Analysis of abnormal activity patterns
  • Tracking user policy violations

ID systems are being developed in response to the increasing number of attacks on major sites and networks, including those of the Pentagon, the White House, NATO, and the U.S. Defense Department. The safeguarding of security is becoming increasingly difficult, because the possible technologies of attack are becoming ever more sophisticated; at the same time, less technical ability is required for the novice attacker, because proven past methods are easily accessed through the Web.

Typically, an ID system follows a two-step process. The first procedures are host-based and are considered the passive component; these include inspection of the system's configuration files to detect inadvisable settings, inspection of the password files to detect inadvisable passwords, and inspection of other system areas to detect policy violations. The second procedures are network-based and are considered the active component: mechanisms are set in place to reenact known methods of attack and to record system responses.
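The host-based, passive step described above can be sketched as a read-only audit. This is an added example, not code from the original page; the sample file contents are constructed, and the policy table and function names are assumptions chosen for illustration.

```python
# Constructed sample inputs (not from the original page).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backup:x:0:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
backup:!:19000:0:99999:7:::
alice::19000:0:99999:7:::
"""
SAMPLE_SSHD = """\
# constructed sshd_config
PermitRootLogin yes
PermitEmptyPasswords yes
PermitRootLogin no
X11Forwarding no
"""

# Assumed policy: sshd_config keyword -> value this audit treats as inadvisable.
SSHD_POLICY = {"permitrootlogin": "yes", "permitemptypasswords": "yes"}

def check_passwd(text):
    """Flag accounts other than root that carry UID 0."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    return [f"passwd: {r[0]} has UID 0" for r in rows
            if len(r) == 7 and r[2] == "0" and r[0] != "root"]

def check_shadow(text):
    """Flag accounts whose hash field is empty (login without a password)."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    return [f"shadow: {r[0]} has an empty password" for r in rows
            if len(r) >= 2 and r[1] == ""]

def check_sshd(text, policy=SSHD_POLICY):
    """Flag inadvisable settings; sshd uses the first value read per keyword."""
    findings, seen = [], set()
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            key, value = parts[0].lower(), parts[1].strip().lower()
            if key not in seen and policy.get(key) == value:
                findings.append(f"sshd_config: {key} {value}")
            seen.add(key)
    return findings

def audit(passwd, shadow, sshd):
    return check_passwd(passwd) + check_shadow(shadow) + check_sshd(sshd)
```

Calling `audit(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_SSHD)` returns four findings; the later `PermitRootLogin no` line does not clear the first one, because only the first occurrence of a keyword takes effect.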

In 1998, ICSA.net, a leading security assurance organization, formed the Intrusion Detection Systems Consortium (IDSC) as an open forum for ID product developers with the aim of disseminating information to the end user and developing industry standards.

Learn more about Detecting and preventing network intrusions
Quiz: Intrusion defense in the era of Windows Vista: A five-question multiple-choice quiz to test your understanding of the content presented by expert Peter H. Gregory in this lesson of SearchSecurity.com's Intrusion Defense School.
How to set your baseline with host integrity monitoring software: Once you have malware detection, IDS and network firewalls in place, it may be time to try another valuable troubleshooting tool: host integrity monitoring software.
How to maintain network control plane security: Use access control lists and secure configurations to maintain the security of your organization's network control plane.
Validate your perimeter network security devices are working: Validation tests on your perimeter network security tools such as antimalware can help identify security gaps and misconfigurations.
The keys to locking down Windows Vista User Account Control: Windows Vista's User Account Control feature can effectively lock down users' desktops. However, it's not exactly the perfect defense strategy.

LAST UPDATED: 11 Mar 2009


More resources from around the web:
- Carnegie Mellon Software Engineering Institute provides a comprehensive exploration of intrusion detection.
- Mike Rothman describes 'Best practices for purchasing an intrusion detection device.'
- SANS Institute Resources provides an Intrusion Detection FAQ.
- In this tip, David Jacobs looks at intrusion prevention management products.
- Mike Chapple explains 'top-down' IPS sensor search.





All Rights Reserved, Copyright 2009 - 2010, TechTarget | Read our Privacy Policy