Hardware and software designed to monitor enterprise networks for unusual behaviour that warns of an attack in progress. Can be host-based or network-based.
A combination of hardware and software products that are used to analyze network traffic passing through a single point on the network. The software analyzes the data searching for specific signatures (known patterns of traffic) of malicious intent. More sophisticated systems are capable of taking immediate action to terminate a connection, to send an alert to an attendant, or to log activity.
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
An automated system that can detect a security violation on a system or a network.
As its name implies, an IDS detects any intrusion into the system (i.e. an illegal entry attempt by a hacker). An IDS runs in the background and silently monitors the network for any suspicious activity.
Software/hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDS are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses a sensor to monitor packets on the network to which it is attached.
An unobtrusive and continuous surveillance service that intercepts and responds to security intrusions and abuse. The IDS gathers and analyses information from various areas within a system or a network to identify possible security breaches, which include both intrusions (attacks from outside the organisation) and abuse (attacks from within the organisation).
A system dedicated to the detection of break-ins or break-in attempts, either manually or via software expert systems that operate on logs or other information available on the network.
A device or program that monitors a network for unwanted connections. Used to detect crackers and improve network security.
An alarm system comprised of intrusion sensors and alarm annunciation devices for the purpose of detecting intruders. Typical intrusion detectors include balanced magnetic contact switches and ultrasonic, infrared, or microwave motion or intrusion sensors.
Security software that identifies and records all attempts to compromise a network—for example, someone scanning server ports or making repeated attempts to log in using random passwords.
A computer system that monitors network traffic for data that is known to be part of an attack, or activity that is forbidden by policy.
A method to detect attacks against the integrity of an information system. This can be based on hardware or software and can be based on the study of network traffic in transmission (a network-based IDS) or on the behavior of a process or part of an operating system on a computer (a host-based IDS). An IDS does not enforce any form of policy; it merely reports breaches.
1) Security tools that help administrators prevent damage in the network when the other protections, such as access control or firewalls, fail to keep intruders out. 2) Detects attempts or successful attacks on the resources they monitor. The resources monitored can be part of a network or a host system.
An automated system used to warn operators of a penetration or other infringement of a security policy. See also anomaly detection and secure server network forensics.
Software that is designed to monitor and alert users on unauthorised access of a computer through the Internet.
Software that looks for suspicious activity and alerts administrators. [NIST]
A real-time security sentry (like a motion sensor) that protects the network perimeter, extranets, and the increasingly vulnerable internal network. IDS systems analyze the network datastream in search of attack or activity signatures that have been deemed unauthorized, and then alarm and react to the activity.
Software and/or hardware that detects and logs inappropriate, incorrect, or anomalous activity on a network and that identifies suspicious patterns that may indicate an attack from someone attempting to break into or compromise a system. [Source: 2005 SSP Glossary]
A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).
An intrusion detection system (IDS) generally detects unwanted manipulations to computer systems, mainly through the Internet. The manipulations may take the form of attacks by skilled malicious hackers, or script kiddies using automated tools.