Intrusion Detection Systems
AKA IDS. Consist of procedures and systems that identify system intrusions.
Activities that finalize the restoration of operations to a normal state as quickly as possible.
Intrusion Detection and Prevention Systems
AKA IDPS. Generally used to describe current anti-intrusion technologies.
Process by which attackers change the format and/or timing of their activities in order to avoid detection by the IDPS.
Alarm events that are accurate and noteworthy but do not pose significant threats to information security.
Rules and configuration guidelines governing the implementation and operation of IDPS within an organization.
Site Policy Awareness
An IDPS's ability to dynamically modify its configuration in response to environmental activity.
True Attack Stimulus
Event that triggers alarms and causes an IDPS to react as if a real attack is in progress.
Process of adjusting an IDPS to maximize its efficiency in detecting true positives, while minimizing false positives and false negatives.
Measure of an IDPS's ability to correctly detect and identify certain types of attacks.
Alarm Clustering and Compaction
Process of grouping almost identical alarms that happen at close to the same time into a single higher level alarm.
Based on fuzzy logic, experience, and past performance measurement, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack in progress.
Process of initially estimating the defensive state of an organization's networks and systems.
Activities that scan network locales for active systems and then identify the network services offered by the host systems.
IDS/IPS Technologies Difference
IPS can respond to a detected threat by attempting to prevent it from succeeding.
NB IDPS Systems
AKA Network Behavior Analysis Systems. Examine network traffic in order to identify problems related to the flow of traffic, e.g., excessive packet flows that might occur as the result of DoS attacks, virus and worm attacks, or some forms of network policy violations. These systems reside on network segments and monitor traffic across those segments.
AKA System Integrity Verifiers. Resides on a particular host computer or host server and monitors activity only on that system.
AKA Knowledge-based or Misuse-detection IDPS. Examines network traffic in search of patterns that match known signatures.
AKA Behavior-based IDPS. Collects statistical summaries by observing traffic that is known to be normal.
Stateful Protocol Analysis IDPS
Process of comparing predetermined profiles that specify how particular protocols should and should not be used.