Acronyms:
IDS
See:
· Intrusion prevention system
· Shim (System Health and Intrusion Monitoring)
Acronym for
intrusion detection system. Software or hardware used to identify or alert
about intrusion attempts on networks or systems. Made up of sensors that
generate security events; a console that monitors events and alerts and
controls the sensors; and a central engine that records in a database the
events reported by the sensors. Uses a system of rules that generate alerts
in response to any detected security event. See IPS
http://es.pcisecuritystandards.org
System whose
function is to detect indications of attack or compromise from or toward the
elements that make up our STIC (information and communications technology
systems). [CCN-STIC-400:2006]
Program
used to detect unauthorized access to a computer or a network. Such access may
be an attack by skilled hackers using automated tools. Both hardware and
software versions exist on the market. These tools work by analysing network
traffic in detail: as traffic enters the analyser it is compared against
signatures of known attacks and/or against suspicious behaviour, such as port
scanning or malformed packets. The tool is normally integrated with a
firewall. By itself an intrusion detector cannot stop attacks (except when it
is embedded in a gateway device with firewall functionality), but working
together with a firewall the two become a very powerful tool: the IDS
contributes the intelligence, since it analyses not only the type of traffic
but also its content and behaviour, and the firewall contributes the blocking
power, since it is the point all packets are forced to pass through and so
they can be blocked there without difficulty.
http://www.alerta-antivirus.es/seguridad/ver_pag.html?tema=S
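The two descriptions above (the PCI split into sensors, console and a central engine driven by rules, and the signature-plus-behaviour analysis in the alerta-antivirus entry) are easier to see in code. The following is an added example, not code from any of the cited glossaries: a toy engine that applies a stateless signature rule and a stateful port-scan rule to sensor events. All events, addresses and signature patterns are constructed for the example and are not real indicators.

```python
"""Added example, not code from any of the cited glossaries: a toy IDS
engine with the sensor / rule set / central engine split of the PCI
definition and the two detection styles in the alerta-antivirus text
(signature matching on payloads, behavioural detection of a port scan).
Events, signatures and addresses are all constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """Security event emitted by a sensor: a decoded packet summary."""
    ts: float            # seconds since capture start
    src: str
    dst: str
    dport: int
    flags: str           # TCP flags as letters, e.g. "S" = SYN, "PA" = PSH+ACK
    payload: bytes = b""


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    detail: str


# Signature rules: byte patterns a rule author associates with known attacks.
# Constructed for this example; not real indicators.
SIGNATURES = {
    "shell-path-in-http": b"/bin/sh",
    "sqli-tautology": b"' OR '1'='1",
}


class Engine:
    """Central engine: applies the rule set to each event and keeps the
    alert log that the console would display."""

    def __init__(self, scan_ports=10, scan_window=5.0):
        self.scan_ports = scan_ports        # distinct ports that count as a scan
        self.scan_window = scan_window      # seconds of history kept per source
        self._syns = defaultdict(list)      # src -> [(ts, dport), ...]
        self._scanned = set()               # sources already reported
        self.alerts = []

    def process(self, ev):
        new = []
        # Stateless signature rules: compare the payload against every pattern.
        for name, pattern in SIGNATURES.items():
            if pattern in ev.payload:
                new.append(Alert(name, ev.src, f"{ev.dst}:{ev.dport}"))
        # Stateful behavioural rule: one source sending SYNs to many ports.
        if "S" in ev.flags and ev.src not in self._scanned:
            hist = self._syns[ev.src]
            hist.append((ev.ts, ev.dport))
            hist[:] = [(t, p) for t, p in hist if ev.ts - t <= self.scan_window]
            ports = {p for _, p in hist}
            if len(ports) >= self.scan_ports:
                self._scanned.add(ev.src)
                new.append(Alert("port-scan", ev.src,
                                 f"{len(ports)} ports within {self.scan_window}s"))
        self.alerts.extend(new)
        return new

    def block_candidates(self):
        """Sources with alerts. An IDS on its own only reports these; a
        firewall or in-line IPS fed from the same list would drop them."""
        return {a.src for a in self.alerts}


def run_sample():
    """Feed constructed sensor events through the engine and return it."""
    engine = Engine()
    # 12 SYNs from one host to ports 1..12 within 1.1 s: a port scan.
    events = [Event(0.1 * i, "10.0.0.5", "10.0.0.80", 1 + i, "S") for i in range(12)]
    # An HTTP request whose payload carries a signature pattern.
    events.append(Event(2.0, "10.0.0.9", "10.0.0.80", 80, "PA",
                        b"GET /cgi-bin/x?cmd=/bin/sh HTTP/1.1\r\n"))
    # Benign request: matches no rule.
    events.append(Event(2.5, "10.0.0.7", "10.0.0.80", 80, "PA",
                        b"GET /index.html HTTP/1.1\r\n"))
    for ev in events:
        engine.process(ev)
    return engine


if __name__ == "__main__":
    for a in run_sample().alerts:
        print(f"{a.rule:<22} {a.src:<12} {a.detail}")
```

The port-scan rule fires once, on the tenth distinct port, and then stops tracking that source so a noisy scanner does not flood the console; the signature rule is evaluated on every event. `block_candidates()` is the seam the text describes: the IDS supplies the intelligence, and whether anything is actually dropped depends on a firewall consuming that list.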
An intrusion
detection system (IDS, from its English initials) is an application used to
detect unauthorized access to a computer/server or to a network. Such access
may be an attack carried out by malicious users with security knowledge or by
means of automated tools.
http://www.inteco.es/glossary/Formacion/Glosario/
Hardware or
software products that gather and analyze information from various areas within
a computer or a network to identify possible security breaches, which include
both intrusions (attacks from outside the organization) and misuse (attacks
from within the organization). [CNSSI_4009:2010]
IDSs which
operate on information collected from within an individual computer system.
This vantage point allows host-based IDSs to determine exactly which processes
and user accounts are involved in a particular attack on the Operating System.
Furthermore, unlike network-based IDSs, host-based IDSs can more readily see
the intended outcome of an attempted attack, because they can directly access
and monitor the data files and system processes usually targeted by attacks. [CNSSI_4009:2010]
IDSs which detect
attacks by capturing and analyzing network packets. Listening on a network
segment or switch, one network-based IDS can monitor the network traffic
affecting multiple hosts that are connected to the network segment. [CNSSI_4009:2010]
1. (N) A process
or subsystem, implemented in software or hardware, that automates the tasks of
(a) monitoring events that occur in a computer network and (b) analyzing them
for signs of security problems. [SP31] (See: intrusion detection.)
2. (N) A security
alarm system to detect unauthorized entry. [DC6/9].
Tutorial: Active
intrusion detection processes can be either host-based or network-based:
·
"Host-based":
Intrusion detection components -- traffic sensors and analyzers -- run directly
on the hosts that they are intended to protect.
·
"Network-based":
Sensors are placed on subnetwork components, and analysis components run either
on subnetwork components or hosts.
[RFC4949:2007]
(I) Sensing and
analyzing system events for the purpose of noticing (i.e., becoming aware of)
attempts to access system resources in an unauthorized manner. (See: anomaly
detection, IDS, misuse detection. Compare: extrusion detection.) [IDSAN, IDSSC,
IDSSE, IDSSY]
Usage: This
includes the following subtypes:
·
"Active
detection": Real-time or near-real-time analysis of system event data to
detect current intrusions, which result in an immediate protective response.
·
"Passive
detection": Off-line analysis of audit data to detect past intrusions,
which are reported to the system security officer for corrective action.
(Compare: security audit.)
[RFC4949:2007]
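The "passive detection" subtype above (off-line analysis of audit data for past intrusions) and the host-based vantage point in the CNSSI definition earlier on this page (knowing which process and account were involved) can be shown together. The following is an added example, not from RFC 4949 or any other cited source: it replays constructed sshd audit records and reports a source that failed authentication repeatedly and then logged in. The log lines, the host name and the year are all constructed; nothing is read from a real system.

```python
"""Added example, not from RFC 4949 or any other cited source: passive
(off-line) intrusion detection in the RFC 4949 sense, run over constructed
sshd audit records rather than live traffic. Because the data comes from
the host itself, the finding names the account and the process involved,
which is the vantage point the CNSSI host-based definition describes."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog lines (not real captured data). The source at
# 198.51.100.23 fails five times across two accounts, then gets in as root.
AUDIT_LOG = """\
Mar 10 09:14:01 web01 sshd[2231]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Mar 10 09:14:03 web01 sshd[2231]: Failed password for invalid user admin from 198.51.100.23 port 40124 ssh2
Mar 10 09:14:04 web01 sshd[2233]: Failed password for root from 198.51.100.23 port 40130 ssh2
Mar 10 09:14:06 web01 sshd[2233]: Failed password for root from 198.51.100.23 port 40131 ssh2
Mar 10 09:14:07 web01 sshd[2235]: Failed password for root from 198.51.100.23 port 40133 ssh2
Mar 10 09:14:09 web01 sshd[2235]: Accepted password for root from 198.51.100.23 port 40135 ssh2
Mar 10 09:20:44 web01 sshd[2301]: Accepted publickey for deploy from 10.0.0.12 port 51002 ssh2
Mar 10 09:21:10 web01 sshd[2305]: Failed password for deploy from 10.0.0.12 port 51010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)
LOG_YEAR = 2024   # syslog omits the year; assumed for the constructed data


def parse(line):
    """Parse one sshd syslog line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(f"{LOG_YEAR} {rec['ts']}", "%Y %b %d %H:%M:%S")
    rec["pid"] = int(rec["pid"])
    return rec


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Passive detection: replay the audit trail, keep failures per source,
    and report a source that reached `threshold` failures within `window_s`
    seconds and then logged in successfully."""
    failures = defaultdict(list)
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if rec["result"] == "Failed":
            failures[rec["ip"]].append(rec)
            continue
        recent = [f for f in failures[rec["ip"]]
                  if (rec["ts"] - f["ts"]).total_seconds() <= window_s]
        if len(recent) >= threshold:
            findings.append({
                "src": rec["ip"],
                "user": rec["user"],                 # account that was finally used
                "process": f"{rec['proc']}[{rec['pid']}]",
                "failures": len(recent),
                "accounts_tried": sorted({f["user"] for f in recent}),
                "when": rec["ts"].isoformat(),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(AUDIT_LOG):
        print(finding)
```

The same function run over a tail of the live log would be the "active detection" variant; the difference is only when the analysis happens and whether the output feeds a protective response or a report to the security officer, which is exactly the distinction RFC 4949 draws.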
A host-based
intrusion detection and prevention system that performs monitoring for a
specific application service only, such as a Web server program or a database
server program.
[NIST-SP800-94:2007]
A program that
monitors the characteristics of a single host and the events occurring within
that host to identify and stop suspicious activity. [NIST-SP800-94:2007]
The process of
monitoring the events occurring in a computer system or network and analyzing
them for signs of possible incidents. [NIST-SP800-94:2007]
The process of
monitoring the events occurring in a computer system or network, analyzing them
for signs of possible incidents, and attempting to stop detected possible
incidents. See also
intrusion prevention. [NIST-SP800-94:2007]
Software that
automates the intrusion detection process. [NIST-SP800-94:2007]
An intrusion
detection and prevention system that monitors network traffic for particular
network segments or devices and analyzes the network and application protocol
activity to identify and stop suspicious activity. [NIST-SP800-94:2007]
An intrusion
detection and prevention system that examines network traffic to identify and
stop threats that generate unusual traffic flows. [NIST-SP800-94:2007]
An intrusion
detection and prevention system that monitors wireless network traffic and
analyzes its wireless networking protocols to identify and stop suspicious
activity involving the protocols themselves. [NIST-SP800-94:2007]
The formal
process of detecting intrusions. The process is generally characterized by
gathering knowledge about abnormal usage patterns as well as what, how, and
which vulnerability has been exploited to include how and when it occurred. [ISO-18028-1:2006]
A technical
system that is used to identify that an intrusion has been attempted, is
occurring, or has occurred and possibly respond to intrusions in information
systems and networks. [ISO-18028-1:2006]
Software that
looks for suspicious activity and alerts administrators. [NIST-SP800-61:2004]
Acronym for
intrusion detection system. Software or hardware used to identify and alert
on network or system intrusion attempts. Composed of sensors that generate
security events; a console to monitor events and alerts and control the
sensors; and a central engine that records events logged by the sensors in a
database. Uses system of rules to generate alerts in response to security
events detected.
https://www.pcisecuritystandards.org/security_standards/glossary.php
Intrusion
prevention systems (IPS) perform the same detection functions as an IDS, with the
added capability to block traffic. Traffic can typically be blocked by dropping
the offending packets or by forcing a reset of the offending TCP/IP session.
An IPS works in-line and therefore may introduce latency. [knapp:2014]
Intrusion
detection (ID) is a type of security management system for computers and
networks. An ID system gathers and analyzes information from various areas
within a computer or a network to identify possible security breaches, which
include both intrusions (attacks from outside the organization) and misuse
(attacks from within the organization). ID uses vulnerability assessment
(sometimes referred to as scanning), which is a technology developed to assess
the security of a computer system or network.
http://searchsecurity.techtarget.com/
A Host Intrusion
Detection System, which detects intrusion attempts via a software agent running
on a specific host. A HIDS detects intrusions by inspecting packets and
matching the contents against defined patterns or "signatures" that
indicate malicious content, and produces an alert. [knapp:2014]
A Host Intrusion
Prevention System, which detects and prevents intrusion attempts via a software
agent running on a specific host. Like a HIDS, a HIPS detects intrusions by
inspecting packets and matching the contents against defined patterns or
"signatures" that indicate malicious content, and produces an alert. [knapp:2014]
Host intrusion
detection systems (HIDS) and network intrusion detection systems (NIDS) are
methods of security management for computers and networks. In HIDS, anti-threat
applications such as firewalls, antivirus software and spyware-detection
programs are installed on every network computer that has two-way access to the
outside environment such as the Internet. In NIDS, anti-threat software is
installed only at specific points such as servers that interface between the
outside environment and the network segment to be protected.
All methods of
intrusion detection (ID) involve the gathering and analysis of information from
various areas within a computer or network to identify possible threats posed
by hackers and crackers inside or outside the organization. Host-based and
network-based ID systems have their respective advantages and limitations. The
most effective protection for a proprietary network is provided by a
combination of both technologies.
http://searchsecurity.techtarget.com/
A network-based
IDS system monitors the traffic on its network segment as a data source. This
is generally accomplished by placing the network interface card in promiscuous
mode to capture all network traffic that crosses its network segment.
Network traffic
on other segments, and traffic on other means of communication (like phone
lines) can't be monitored. Network-based IDS involves looking at the packets on
the network as they pass by some sensor. The sensor can only see the packets
that happen to be carried on the network segment it's attached to. Packets are
considered to be of interest if they match a signature. Network-based intrusion
detection passively monitors network activity for indications of attacks. Network
monitoring offers several advantages over traditional host-based intrusion
detection systems. Because many intrusions occur over networks at some point,
and because networks are increasingly becoming the targets of attack, these
techniques are an excellent method of detecting many attacks which may be
missed by host-based intrusion detection mechanisms.
http://www.sans.org/security-resources/glossary-of-terms/
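The SANS entry above describes the sensor side of a network-based IDS: frames captured from the segment the sensor sits on, decoded, and checked against signatures, with malformed packets (mentioned in the alerta-antivirus entry earlier) as one class of interest. The following is an added example, not from the SANS glossary or any other cited source: the decoding stage of such a sensor for Ethernet/IPv4/TCP, including the sanity checks that catch inconsistent length fields and illegal flag combinations before any signature rule runs. A real sensor would read frames from an interface in promiscuous mode or from a capture file; here every frame is constructed inline with a small builder, and the MAC and IP addresses are placeholders.

```python
"""Added example, not from the SANS glossary or any other cited source:
the first stage of a network-based IDS sensor, decoding raw Ethernet/IPv4/
TCP frames into the fields a rule engine consumes and rejecting malformed
packets. All frames below are constructed; nothing is captured."""
import socket
import struct
from dataclasses import dataclass

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# TCP flag names in bit order: bit 0 = FIN ... bit 8 = NS.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


@dataclass
class Decoded:
    src: str
    dst: str
    sport: int
    dport: int
    flags: set
    payload: bytes


def decode_frame(frame):
    """Return (Decoded, None) for a sane TCP/IPv4 frame, or (None, reason)
    when the frame is malformed or not something this sensor inspects."""
    if len(frame) < ETH_LEN + 20:
        return None, "frame shorter than minimum Ethernet+IPv4"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None, f"non-IPv4 ethertype 0x{ethertype:04x}"
    ip = frame[ETH_LEN:]
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        return None, f"bad IPv4 version/IHL ({version}, {ihl})"
    # A length field that disagrees with the bytes on the wire is a classic
    # malformed-packet indicator (and a way to desynchronise a naive decoder).
    if total_len < ihl or total_len > len(ip):
        return None, f"IPv4 total length {total_len} inconsistent with frame ({len(ip)} bytes)"
    if proto != PROTO_TCP:
        return None, f"non-TCP protocol {proto}"
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None, "truncated TCP header"
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        return None, f"bad TCP data offset {data_off}"
    flags = {n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)}
    if {"SYN", "FIN"} <= flags:          # never legitimate; typical of scanner probes
        return None, "illegal SYN+FIN flag combination"
    return Decoded(socket.inet_ntoa(src), socket.inet_ntoa(dst),
                   sport, dport, flags, tcp[data_off:]), None


def build_frame(src, dst, sport, dport, flags=("SYN",), payload=b"", total_len=None):
    """Construct a test frame. Checksums are left zero (this decoder ignores
    them); total_len lets a test lie in the IPv4 length field."""
    bits = sum(1 << FLAG_NAMES.index(f) for f in flags)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | bits, 65535, 0, 0) + payload
    if total_len is None:
        total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, PROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


# Constructed frames: one normal request, two malformed probes, one runt.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.80", 40000, 80, ("PSH", "ACK"), b"GET / HTTP/1.1\r\n"),
    build_frame("198.51.100.7", "10.0.0.80", 40001, 22, ("SYN", "FIN")),
    build_frame("198.51.100.7", "10.0.0.80", 40002, 22, ("SYN",), total_len=2000),
    b"\x00" * 20,
]


def inspect(frames):
    """Sensor loop: every frame yields either decoded fields or a malformed verdict."""
    results = []
    for frame in frames:
        dec, reason = decode_frame(frame)
        if dec is None:
            results.append(("malformed", reason))
        else:
            results.append(("ok", f"{dec.src}:{dec.sport}->{dec.dst}:{dec.dport} "
                                  f"{'+'.join(sorted(dec.flags))}"))
    return results


if __name__ == "__main__":
    for status, detail in inspect(SAMPLE_FRAMES):
        print(f"{status:<10} {detail}")
```

Only the decoded 5-tuple, flags and payload of the "ok" frames would go on to signature matching; the malformed verdicts are themselves events worth alerting on, since a sensor that silently trusted the IPv4 length field or the TCP data offset could be steered past the bytes an attacker wants hidden. The decoder also makes the SANS caveat concrete: it can only classify frames that were handed to it, so traffic on other segments never appears in `results`.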
A security
service that monitors and analyzes system events in order to find, and provide
real-time or near-real-time warnings of, attempts to access system resources in
an unauthorized manner. This is the detection of break-ins or break-in attempts
by reviewing logs or other information available on a network.
http://www.symantec.com/avcenter/refa.html
A security
management system for computers and networks. An IDS gathers and analyzes
information from various areas within a computer or a network to identify
possible security breaches, which include both intrusions (attacks from outside
the organization) and misuse (attacks from within the organization).
http://www.sans.org/security-resources/glossary-of-terms/
Acronym for "intrusion detection
system". Software or hardware used to identify intrusion attempts on a network
or a system and raise the alert. Made up of sensors that generate security
events, a console for monitoring events and alerts and controlling the
sensors, and a central engine that records in a database the events logged by
the sensors. Uses a system of rules to trigger alerts in response to the
security events detected. See IPS
http://fr.pcisecuritystandards.org/
Security mechanism
that provides real-time intrusion detection at the level of a computer network.
IDSs are increasingly used to complement existing security mechanisms such as
firewalls or other filtering routers.
http://www.cases.public.lu/functions/glossaire/
Related topics