Abstract
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs. Accordingly, for brevity the term intrusion detection and prevention systems (IDPSs) is used throughout the rest of this chapter to refer to both IDS and IPS technologies. Any exceptions are specifically noted.
This chapter provides an overview of IDPS technologies. It explains the key functions that IDPS technologies perform and the detection methodologies that they use. Next, it highlights the most important characteristics of each of the major classes of IDPS technologies. The chapter also discusses IDPS interoperability and complementary technologies.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Scarfone, K., Mell, P. (2010). Intrusion Detection and Prevention Systems. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_9
DOI: https://doi.org/10.1007/978-3-642-04117-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04116-7
Online ISBN: 978-3-642-04117-4