Intrusion detection and prevention system
What is an Intrusion Prevention System?
The intrusion detection and prevention system (IDS) notifies you of attempts to hack into, disrupt, or deny service to the system. IDS also monitors for potential extrusions, where your system might be used as the source of the attack. These potential intrusions and extrusions are logged as intrusion monitor audit records in the security audit journal and displayed as intrusion events in the Intrusion Detection System graphical user interface (GUI). You can configure IDS to prevent intrusions and extrusions from occurring. Intrusions encompass many undesirable activities, such as information theft and denial of service attacks. The objective of an intrusion might be to acquire information that a person is not authorized to have (information theft).
Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine. The IPS often sits directly behind the firewall and provides a complementary layer of analysis that negatively selects for dangerous content. Specifically, these actions include:. As an inline security component, the IPS must work efficiently to avoid degrading network performance. It must also work fast because exploits can happen in near real-time.