Rabu, 23 Maret 2011

Webopedia.com

Internet.com Network
Wednesday, March 23, 2011

intrusion detection systemTerm of the Day
Previous Terms-of-the-Day
Term of the Day XML/RSS feed rss/xmlhttp://www.webopedia.com/rss/xml
Term of the Day Google Gadget Add to Google   
Term of the Day on Twitter Follow WebopediaTech on Twitter

An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

There are several ways to categorize an IDS:

  • misuse detection vs. anomaly detection: in misuse detection, the IDS analyzes the information it gathers and compares it to large databases of attack signatures. Essentially, the IDS looks for a specific attack that has already been documented. Like a virus detection system, misuse detection software is only as good as the database of attack signatures that it uses to compare packets against. In anomaly detection, the system administrator defines the baseline, or normal, state of the network's traffic load, breakdown, protocol, and typical packet size. The anomaly detector monitors network segments to compare their state to the normal baseline and look for anomalies.

  • network-based vs. host-based systems: in a network-based system, or NIDS, the individual packets flowing through a network are analyzed. The NIDS can detect malicious packets that are designed to be overlooked by a firewall's simplistic filtering rules. In a host-based system, the IDS examines at the activity on each individual computer or host.

  • passive system vs. reactive system: in a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

Though they both relate to network security, an IDS differs from a firewall in that a firewall looks out for intrusions in order to stop them from happening. The firewall limits the access between networks in order to prevent intrusion and does not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.  

Previous Terms of the Day

 Interested in placing your AD HERE? Click Here

Related

An Overview of Intrusion Detection Systems
SecurityTracker.com
eSecurity Planet
Security Wars: Can Intrusion Detection Even the Score?

Webopedia is on Facebook, Let's connect! 
Webopedia is on Facebook, are you? Let's connect! Join more than 2,300 Webopedia fans on Facebook and interact with the site's editors, post messages on the "Webopedia Wall," plus add comments on term definitions, articles, discuss technology and even suggest topics for inclusion in Webopedia.  

Click here



You are subscribed to an Internet.com newsletter as oomsatya1.digitalnewsportal@blogger.com. To unsubscribe from this newsletter, please click here.

If you wish to be removed from all future Internet.com emails, please click here.

To unsubscribe via postal mail, please contact us at:

Internet.com
Attn: Newsletter Subscription Dept.
307 5th Ave., 14th Floor
New York, NY 10016

Please include the email address which you have been contacted with.

BEST ARTICLE - Webopedia Daily: Everything About Intrusion Detection Systems (IDS)

di 11.25
*************************************************************************************