Intrusion detection (ID) is a type of security management system for computers and
networks. An ID system gathers and analyzes information from various areas within
a computer or a network to identify possible security breaches, which include both
intrusions (attacks from outside the organization) and misuse (attacks from within
the organization). ID uses vulnerability assessment (sometimes referred to as
scanning), which is a technology developed to assess the security of a computer
system or network.
Intrusion detection functions include:
Typically, an ID system follows a two-step process. The first procedures are host-based and are considered the passive component; these include: inspection of the
system's configuration files to detect inadvisable settings; inspection of the
password files to detect inadvisable passwords; and inspection of other system
areas to detect policy violations. The second procedures are network-based and are
considered the active component: mechanisms are set in place to reenact known
methods of attack and to record system responses.
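
The passive, host-based step described above can be sketched as follows. This is an added example, not code from the original page: the policy table, function names and sample file contents are assumptions constructed for illustration, using an sshd_config-style file and a shadow-style password file as the inputs.

```python
# Added example: passive host-based checks run over constructed sample files.
# SSHD_POLICY and both samples are assumptions, not taken from the page.
SSHD_POLICY = {  # keyword (lowercase) -> values treated as inadvisable
    "permitrootlogin": {"yes"},
    "permitemptypasswords": {"yes"},
}

SAMPLE_SSHD_CONFIG = """\
# constructed sample
Port 22
PermitRootLogin yes
permitemptypasswords no
PermitRootLogin no
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
backup::19000:0:99999:7:::
legacy:$1$salt$oldmd5crypthash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

def audit_sshd_config(text):
    """Return (keyword, value) pairs whose effective value violates SSHD_POLICY."""
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            # Keywords are case-insensitive and sshd keeps the first value it
            # reads, so a later "safe" line does not override an earlier one.
            # Match blocks are not handled in this sketch.
            effective.setdefault(parts[0].lower(), parts[1].strip().lower())
    return [(k, v) for k, v in effective.items() if v in SSHD_POLICY.get(k, ())]

def audit_shadow(text):
    """Return (account, reason) pairs for empty or MD5-crypt password fields."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        if pw == "":  # empty field: account needs no password
            findings.append((user, "empty password field"))
        elif pw.startswith("$1$"):  # "*" and "!" (locked) are not flagged
            findings.append((user, "MD5-crypt hash"))
    return findings
```

Calling `audit_sshd_config(SAMPLE_SSHD_CONFIG)` and `audit_shadow(SAMPLE_SHADOW)` returns the findings as lists that a scheduled job could log or compare against the previous run.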