Difference between revisions of "IDS"
Latest revision as of 12:25, 25 April 2011
IDS = Intrusion Detection System
Explanation
Intrusion Detection System (IDS) commonly designates an active or passive detection system used to detect suspicious or malicious events that could compromise the security and integrity of a computer system or a computer network. It does this by identifying heuristics and patterns (often known as signatures) of common computer/network attacks, such as:
- network/host attacks against vulnerable services
- data-driven attacks on applications
- host-based attacks such as:
  - privilege escalation
  - unauthorized logins
  - unauthorized access to sensitive files
- malware/spyware injection (viruses, Trojan horses or worms)
If an IDS can not only detect suspicious events but also proactively react to them, it belongs to the Intrusion Prevention System (IPS) family.
An IDS is composed of several components:
- Sensors, which generate security events
- a Console, used to monitor events and alerts and to control the sensors
- a Security Engine, which records the events logged by the sensors in a database and applies a set of rules to the received security events in order to generate alerts
There are several ways to categorize an IDS, depending on the type and location of the Sensors and on the methodology the Security Engine uses to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.
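The three components described above, shown as an added example in Python that is not part of this wiki entry and not any product's implementation: sensor events arrive as text lines, a Security Engine records them in an in-memory "database" and applies signature rules to them, and a console summary reports the resulting alerts. The sample event lines, the rule names, the regular expressions and the thresholds are all constructed assumptions chosen to cover the attack categories listed in the Explanation (unauthorized logins, sensitive file access, a data-driven attack on an application, privilege escalation).

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample sensor events (not real logs), one per line, in the
# assumed format "<timestamp> <host> <source> <message>".
SAMPLE_EVENTS = [
    "2011-04-25T12:00:01 web01 sshd Failed password for root from 203.0.113.7",
    "2011-04-25T12:00:02 web01 sshd Failed password for root from 203.0.113.7",
    "2011-04-25T12:00:03 web01 sshd Failed password for root from 203.0.113.7",
    "2011-04-25T12:00:04 web01 sshd Failed password for root from 203.0.113.7",
    "2011-04-25T12:00:05 web01 sshd Failed password for root from 203.0.113.7",
    "2011-04-25T12:00:09 web01 audit uid=1003 opened /etc/shadow",
    "2011-04-25T12:01:00 db01 httpd GET /app?id=1%20OR%201=1 200",
    "2011-04-25T12:01:30 db01 sudo bob : TTY=pts/0 ; COMMAND=/bin/bash",
]


@dataclass
class Rule:
    """A signature: a name, a pattern, and how many matches (per host and
    per optional 'key' group, e.g. a source address) are needed before
    one alert is raised."""
    name: str
    pattern: re.Pattern
    threshold: int = 1


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


# Assumed rule set, one rule per attack category named in the text.
RULES = [
    Rule("ssh-bruteforce",
         re.compile(r"Failed password for \S+ from (?P<key>\S+)"), threshold=5),
    Rule("sensitive-file-access",
         re.compile(r"opened (?P<key>/etc/(shadow|sudoers))")),
    Rule("sqli-pattern",
         re.compile(r"(?i)(%20|\s)OR(%20|\s)1=1")),
    Rule("privilege-escalation",
         re.compile(r"COMMAND=/bin/(ba)?sh")),
]


class SecurityEngine:
    """Records sensor events and applies rules to generate alerts."""

    def __init__(self, rules):
        self.rules = rules
        self.events = []                # the recorded-events "database"
        self.counts = defaultdict(int)  # (rule, host, key) -> match count
        self.alerts = []

    def ingest(self, line):
        """Record one sensor event and evaluate every rule against it."""
        self.events.append(line)
        _ts, host, _source, message = line.split(" ", 3)
        for rule in self.rules:
            m = rule.pattern.search(message)
            if not m:
                continue
            key = m.groupdict().get("key", "")
            counter = (rule.name, host, key)
            self.counts[counter] += 1
            # Alert exactly once, when the threshold is first reached.
            if self.counts[counter] == rule.threshold:
                self.alerts.append(Alert(rule.name, host, message))

    def console_summary(self):
        """What a console would display: number of alerts per rule."""
        summary = defaultdict(int)
        for alert in self.alerts:
            summary[alert.rule] += 1
        return dict(summary)


def run_ids(lines, rules=RULES):
    """Feed a batch of sensor lines through the engine and return it."""
    engine = SecurityEngine(rules)
    for line in lines:
        engine.ingest(line)
    return engine


if __name__ == "__main__":
    eng = run_ids(SAMPLE_EVENTS)
    print(f"{len(eng.events)} events recorded, {len(eng.alerts)} alerts")
    for a in eng.alerts:
        print(f"[{a.rule}] host={a.host}: {a.detail}")
    print(eng.console_summary())
```

The threshold on the brute-force rule is the point worth noticing: a single failed login is an event to record, not an alert, and the engine only raises an alert when the rule's count for that host and source address is reached, which keeps the console from drowning in noise while still storing every event for later review.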