IDPS

Words: 2814

Pages: 12

Category: Science and Technology

Date Submitted: 01/13/2016 03:46 AM

Security Technology: Intrusion Detection and Prevention System (IDPS)

The chapter builds on that discussion by describing additional, more advanced technologies (intrusion detection and prevention systems, honeypots, honeynets, padded cell systems, scanning and analysis tools, and access controls) that organizations can use to enhance the security of their information assets.

An intrusion occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm. Even when such attacks are self-propagating, as in the case of viruses and distributed denial-of-service attacks, they are almost always instigated by someone whose purpose is to harm an organization.

Intrusion prevention consists of activities that deter an intrusion. Some important intrusion prevention activities are writing and implementing good enterprise information security policy, planning and executing effective information security programs, installing and testing technology-based information security countermeasures (such as firewalls and intrusion detection systems), and conducting and measuring the effectiveness of employee training and awareness activities.

Intrusion detection consists of procedures and systems that identify system intrusions.

Intrusion reaction encompasses the actions an organization takes when an intrusion is detected. These actions seek to limit the loss from an intrusion and return operations to a normal state as rapidly as possible.

Intrusion correction activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again—thus reinitiating intrusion prevention.

IDPS Terminology:

The following list of IDPS industry standard terms and definitions is taken from a well-known information security company, TruSecure:

Alert or alarm: An indication...