Intrusion Detection and Prevention Systems
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) is software that automates the intrusion detection process. An intrusion prevention system (IPS) is software that has all the capabilities of an IDS and can also attempt to stop possible incidents. IDS and IPS technologies offer many of the same capabilities, and administrators can usually disable prevention features in IPS products, causing them to function as IDSs. Accordingly, for brevity the term intrusion detection and prevention systems (IDPSs) is used throughout the rest of this chapter to refer to both IDS and IPS technologies. Any exceptions are specifically noted.
This chapter provides an overview of IDPS technologies. It explains the key functions that IDPS technologies perform and the detection methodologies that they use. Next, it highlights the most important characteristics of each of the major classes of IDPS technologies. The chapter also discusses IDPS interoperability and complementary technologies.
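The following is an added example, not code from the chapter or from NIST, that makes the IDS/IPS relationship described above concrete: one detection engine (two hypothetical signature rules plus a stateful port-scan threshold) processes a constructed stream of events, and the only difference between IDS and IPS operation is whether a matching event is forwarded with an alert or dropped. All rule names, addresses, thresholds and events are assumptions made up for the illustration.

```python
"""Minimal IDPS (added illustration, not the chapter's code).

The detection engine is identical in both modes; setting prevention=False
turns the "IPS" into an "IDS", mirroring the disable-prevention option
described in the text.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    """One observed network event (constructed sample input, not a capture)."""
    src: str
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Alert:
    rule: str
    event: Event
    action: str  # "alert" in IDS mode, "drop" in IPS mode


class IDPS:
    """Hypothetical engine combining signature-based and stateful detection."""

    def __init__(self, prevention: bool = True, scan_threshold: int = 5) -> None:
        self.prevention = prevention
        self.scan_threshold = scan_threshold
        self.alerts: List[Alert] = []
        self._ports_by_src: Dict[str, Set[int]] = defaultdict(set)
        # Signature rules (assumed for the example): name -> predicate on one event.
        self.signatures: Dict[str, Callable[[Event], bool]] = {
            "web-path-traversal": lambda e: e.dport == 80 and b"../" in e.payload,
            "web-etc-passwd": lambda e: e.dport == 80 and b"/etc/passwd" in e.payload,
        }

    def _matches(self, ev: Event) -> List[str]:
        hits = [name for name, pred in self.signatures.items() if pred(ev)]
        # Stateful rule: one source touching many distinct ports is a port scan.
        # Fires exactly once, on the event that reaches the threshold.
        ports = self._ports_by_src[ev.src]
        ports.add(ev.dport)
        if len(ports) == self.scan_threshold:
            hits.append("port-scan")
        return hits

    def process(self, ev: Event) -> bool:
        """Analyze one event; return True if it is forwarded, False if dropped."""
        hits = self._matches(ev)
        action = "drop" if (hits and self.prevention) else "alert"
        for name in hits:
            self.alerts.append(Alert(name, ev, action))
        return action != "drop"


def run(events: List[Event], prevention: bool) -> Tuple[int, List[Alert]]:
    """Feed events through a fresh engine; return (forwarded count, alerts)."""
    engine = IDPS(prevention=prevention)
    forwarded = sum(1 for ev in events if engine.process(ev))
    return forwarded, engine.alerts


# Constructed sample traffic: one benign request, a six-port probe from
# 10.0.0.5, and a path-traversal request from 10.0.0.9.
SAMPLE_EVENTS: List[Event] = [
    Event("10.0.0.9", "192.0.2.10", 80, b"GET /index.html HTTP/1.1"),
    *[Event("10.0.0.5", "192.0.2.10", p) for p in (21, 22, 23, 25, 80, 443)],
    Event("10.0.0.9", "192.0.2.10", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1"),
]


if __name__ == "__main__":
    for mode in (True, False):
        fwd, alerts = run(SAMPLE_EVENTS, prevention=mode)
        label = "IPS" if mode else "IDS"
        print(f"{label}: forwarded {fwd}/{len(SAMPLE_EVENTS)} events, "
              f"{len(alerts)} alerts")
        for a in alerts:
            print(f"  [{a.action}] {a.rule} from {a.event.src}:{a.event.dport}")
```

In IPS mode the two offending events (the fifth probe that trips the scan threshold and the traversal request) are dropped, so 6 of 8 events pass; in IDS mode all 8 pass and the same three alerts are merely recorded. The point to notice is that the detection state (the per-source port set) and the rules are untouched by the mode switch, which is why IPS products can be run as pure IDSs.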
Keywords: Transmission Control Protocol, Intrusion Detection, Wireless Local Area Network, Malicious Activity, Suspicious Activity