intrusion detection

Intrusion detection functions include:

• Monitoring and analyzing both user and system activities
• Analyzing system configurations and vulnerabilities
• Assessing system and file integrity
• Ability to recognize patterns typical of attacks
• Analysis of abnormal activity patterns
• Tracking user policy violations

ID systems are being developed in response to the increasing number of attacks on major sites and networks, including those of the Pentagon, the White House, NATO, and the U.S. Defense Department. The safeguarding of security is becoming increasingly difficult, because the possible technologies of attack are becoming ever more sophisticated; at the same time, less technical ability is required for the novice attacker, because proven past methods are easily accessed through the Web.

Typically, an ID system follows a two-step process. The first procedures are host-based and are considered the passive component, these include: inspection of the system's configuration files to detect inadvisable settings; inspection of the password files to detect inadvisable passwords; and inspection of other system areas to detect policy violations. The second procedures are network-based and are considered the active component: mechanisms are set in place to reenact known methods of attack and to record system responses.

In 1998, ICSA.net, a leading security assurance organization, formed the Intrusion Detection Systems Consortium (IDSC) as an open forum for ID product developers with the aim of disseminating information to the end user and developing industry standards.

Read more about intrusion detection: - Carnegie Mellon Software Engineering Institute provides a comprehensive exploration of intrusion detection . - SANS Institute Resources provides an Intrusion Detection FAQ. - SearchNetworking.com provides links to network-related security articles and tips. - SearchWin2000.com provides links to security information related to Windows 2000/XP. - SearchSecurity.com also has a section of links directly related to security.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows registry forensics guide: Investigating hacker activities Ed Skoudis explains how investigators can interact with the registry to analyze a compromised system and unveils several reg commands that can be used... More built-in Windows commands for system analysis Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis. Is security improved when the number of Internet gateways is reduced? A single entry point has often been thought easier to defend than multiple entry points. There are some caveats to reducing the number of Internet...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary computer forensics  (SearchSecurity.com) Einstein  (SearchSecurity.com) Einstein is the network monitoring tool used by the United States federal government's Department of Homeland Security (DHS). Einstein is used to...