SANS Intrusion Detection FAQ
Source: SANS - Posted by Dave Wreski   
This document provides a great starting point for those interested in intrusion detection. "ID stands for Intrusion Detection, which is the art of detecting inappropriate, incorrect, or anomalous activity. ID systems that operate on a host to detect malicious activity on that host are called host-based ID systems, and ID systems that operate on network data flows are called network-based ID systems.

Sometimes, a distinction is made between misuse and intrusion detection. The term intrusion is used to describe attacks from the outside; whereas, misuse is used to describe an attack that originates from the internal network. However, most people don't draw such distinctions."

Read this full article at SANS
