Acronym for "intrusion detection system". Software or hardware used to identify or alert about intrusion attempts on networks or systems. Made up of sensors that generate security events; a console that monitors events and alerts and controls the sensors; and a central engine that records in a database the events reported by the sensors. Uses a system of rules that generate alerts in response to any security event detected. See IPS
http://es.pcisecuritystandards.org
A system whose function is to detect signs of attack or compromise from or toward the elements that make up our STIC (ICT systems). [CCN-STIC-400:2006]
A program used to detect unauthorized access to a computer or a network. This access may take the form of attacks by skilled hackers using automated tools. Hardware and software versions exist on the market. These tools work by analyzing network traffic in detail: as traffic enters the analyzer it is compared against signatures of known attacks and/or suspicious behaviour, such as port scanning, malformed packets, etc. Normally this tool is integrated with a firewall. The intrusion detector is unable to stop attacks on its own "except those embedded in a gateway device with firewall functionality", but when working together with the firewall they become a very powerful tool, since it combines the intelligence of the IDS, which not only analyzes what type of traffic it is but also inspects its content and behaviour, with the blocking power of the firewall, which, being the point through which packets must necessarily pass, can block them there without any problem.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
An intrusion detection system (or IDS, from its English initials Intrusion Detection System) is an application used to detect unauthorized access to a computer/server or a network. This access may consist of attacks carried out by malicious users with security knowledge or through automated tools.
http://www.inteco.es/glossary/Formacion/Glosario/
Hardware or software products that gather and analyze information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations). [CNSSI_4009:2010]
IDSs which operate on information collected from within an individual computer system. This vantage point allows host-based IDSs to determine exactly which processes and user accounts are involved in a particular attack on the Operating System. Furthermore, unlike network-based IDSs, host-based IDSs can more readily "see" the intended outcome of an attempted attack, because they can directly access and monitor the data files and system processes usually targeted by attacks. [CNSSI_4009:2010]
IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment. [CNSSI_4009:2010]
1. (N) A process or subsystem, implemented in software or hardware, that automates the tasks of (a) monitoring events that occur in a computer network and (b) analyzing them for signs of security problems. [SP31] (See: intrusion detection.)
2. (N) A security alarm system to detect unauthorized entry. [DC6/9].
Tutorial: Active intrusion detection processes can be either host-based or network-based:
· "Host-based": Intrusion detection components -- traffic sensors and analyzers -- run directly on the hosts that they are intended to protect.
· "Network-based": Sensors are placed on subnetwork components, and analysis components run either on subnetwork components or hosts.
[RFC4949:2007]
(I) Sensing and analyzing system events for the purpose of noticing (i.e., becoming aware of) attempts to access system resources in an unauthorized manner. (See: anomaly detection, IDS, misuse detection. Compare: extrusion detection.) [IDSAN, IDSSC, IDSSE, IDSSY]
Usage: This includes the following subtypes:
· "Active detection": Real-time or near-real-time analysis of system event data to detect current intrusions, which result in an immediate protective response.
· "Passive detection": Off-line analysis of audit data to detect past intrusions, which are reported to the system security officer for corrective action. (Compare: security audit.)
[RFC4949:2007]
A host-based intrusion detection and prevention system that performs monitoring for a specific application service only, such as a Web server program or a database server program. [NIST-SP800-94:2007]
A program that monitors the characteristics of a single host and the events occurring within that host to identify and stop suspicious activity. [NIST-SP800-94:2007]
The process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents. [NIST-SP800-94:2007]
The process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents. See also intrusion prevention. [NIST-SP800-94:2007]
Software that automates the intrusion detection process. [NIST-SP800-94:2007]
An intrusion detection and prevention system that monitors network traffic for particular network segments or devices and analyzes the network and application protocol activity to identify and stop suspicious activity. [NIST-SP800-94:2007]
An intrusion detection and prevention system that examines network traffic to identify and stop threats that generate unusual traffic flows. [NIST-SP800-94:2007]
An intrusion detection and prevention system that monitors wireless network traffic and analyzes its wireless networking protocols to identify and stop suspicious activity involving the protocols themselves. [NIST-SP800-94:2007]
The formal process of detecting intrusions. The process is generally characterized by gathering knowledge about abnormal usage patterns as well as what, how, and which vulnerability has been exploited, to include how and when it occurred. [ISO-18028-1:2006]
A technical system that is used to identify that an intrusion has been attempted, is occurring, or has occurred and possibly respond to intrusions in information systems and networks. [ISO-18028-1:2006]
Software that looks for suspicious activity and alerts administrators. [NIST-SP800-61:2004]
Acronym for "intrusion detection system." Software or hardware used to identify and alert on network or system intrusion attempts. Composed of sensors that generate security events; a console to monitor events and alerts and control the sensors; and a central engine that records events logged by the sensors in a database. Uses a system of rules to generate alerts in response to security events detected.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Intrusion protection systems perform the same detection functions of an IDS, with the added capability to block traffic. Traffic can typically be blocked by dropping the offending packets, or by forcing a reset of the offending TCP/IP session. IPS works in-line, and therefore may introduce latency. [knapp:2014]
Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.
http://searchsecurity.techtarget.com/
A Host Intrusion Detection System, which detects intrusion attempts via a software agent running on a specific host. A HIDS detects intrusions by inspecting packets and matching the contents against defined patterns or "signatures" that indicate malicious content, and produces an alert. [knapp:2014]
A Host Intrusion Prevention System, which detects and prevents intrusion attempts via a software agent running on a specific host. Like a HIDS, a HIPS detects intrusions by inspecting packets and matching the contents against defined patterns or "signatures" that indicate malicious content, and produces an alert. [knapp:2014]
Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are methods of security management for computers and networks. In HIDS, anti-threat applications such as firewalls, antivirus software and spyware-detection programs are installed on every network computer that has two-way access to the outside environment such as the Internet. In NIDS, anti-threat software is installed only at specific points such as servers that interface between the outside environment and the network segment to be protected.
All methods of intrusion detection (ID) involve the gathering and analysis of information from various areas within a computer or network to identify possible threats posed by hackers and crackers inside or outside the organization. Host-based and network-based ID systems have their respective advantages and limitations. The most effective protection for a proprietary network is provided by a combination of both technologies.
http://searchsecurity.techtarget.com/
A network-based IDS system monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment.
Network traffic on other segments, and traffic on other means of communication (like phone lines) can't be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it's attached to. Packets are considered to be of interest if they match a signature. Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms.
http://www.sans.org/security-resources/glossary-of-terms/
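The sensor / rule engine / alert structure that the PCI glossary entries describe, and the signature matching, port-scan and malformed-packet checks mentioned in the alerta-antivirus and SANS entries above, as a small added illustration in Python (this is not code from any of the cited glossaries; the packet records, rule ids and the eight-port scan threshold are constructed for the example):

```python
from collections import defaultdict

# Constructed packet records, as a sensor in promiscuous mode on one segment might
# summarise them. Not real captures; the addresses and payloads are invented.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.20", "dport": 80, "flags": {"ACK"},
     "payload": b"GET /index.html HTTP/1.1"},
    {"src": "10.0.0.5", "dst": "10.0.0.20", "dport": 80, "flags": {"ACK"},
     "payload": b"GET /images/../../secret.txt HTTP/1.1"},
    {"src": "10.0.0.7", "dst": "10.0.0.20", "dport": 22, "flags": {"SYN", "FIN"},
     "payload": b""},
] + [  # one source probing ten different ports on the same host
    {"src": "10.0.0.9", "dst": "10.0.0.20", "dport": p, "flags": {"SYN"}, "payload": b""}
    for p in (21, 22, 23, 25, 80, 110, 143, 443, 445, 3389)
]

# Signature rules: (hypothetical rule id, description, predicate over one packet).
SIGNATURES = [
    ("SIG-001", "path traversal sequence in HTTP request",
     lambda p: b"/../" in p["payload"]),
    ("SIG-002", "malformed TCP segment (SYN and FIN both set)",
     lambda p: {"SYN", "FIN"} <= p["flags"]),
]

def match_signatures(packet):
    """Return one alert per signature the packet matches (misuse detection)."""
    return [{"rule": rid, "desc": desc, "src": packet["src"], "dst": packet["dst"]}
            for rid, desc, pred in SIGNATURES if pred(packet)]

def detect_port_scans(packets, threshold=8):
    """Flag a source that sends bare SYNs to at least `threshold` distinct ports on one host.
    This is a behavioural rule: no single packet is malicious, the pattern is."""
    ports = defaultdict(set)
    for p in packets:
        if p["flags"] == {"SYN"}:
            ports[(p["src"], p["dst"])].add(p["dport"])
    return [{"rule": "HEUR-001", "desc": f"port scan: {len(s)} ports probed",
             "src": src, "dst": dst}
            for (src, dst), s in ports.items() if len(s) >= threshold]

def run_ids(packets):
    """Central engine: evaluate every sensor event against the rule set, collect alerts."""
    alerts = []
    for p in packets:
        alerts.extend(match_signatures(p))
    alerts.extend(detect_port_scans(packets))
    return alerts

if __name__ == "__main__":
    for a in run_ids(SAMPLE_PACKETS):
        print(a["rule"], a["src"], "->", a["dst"], a["desc"])
```

As the SANS entry notes, the engine only ever sees what reaches this sensor's segment; traffic elsewhere produces no events and therefore no alerts.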
A security service that monitors and analyzes system events to find and provide real-time or near real-time warnings of attempts to access system resources in an unauthorized manner. This is the detection of break-ins or break-in attempts, by reviewing logs or other information available on a network.
http://www.symantec.com/avcenter/refa.html
A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).
http://www.sans.org/security-resources/glossary-of-terms/
Acronym for "intrusion detection system". Software or hardware used to identify intrusion attempts on a network or system and raise the alert. Made up of sensors that generate security events, a console for monitoring events and alerts and controlling the sensors, and a central engine that records in a database the events logged by the sensors. Uses a system of rules to trigger alerts in response to detected security events. See IPS
http://fr.pcisecuritystandards.org/
A security mechanism allowing real-time intrusion detection at the level of a computer network. IDSs are increasingly used to complement existing security mechanisms such as firewalls or other filtering routers.
http://www.cases.public.lu/functions/glossaire/