Protocol-based intrusion detection system
- Protocol-based intrusion detection system
A protocol-based intrusion detection system (PIDS) is an intrusion detection system which is typically installed on a web server, and is used in the monitoring and analysis of the protocol in use by the computing system. A PIDS will monitor the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication between a connected device and the system it is protecting.
A typical use for a PIDS would be at the front end of a web server monitoring the HTTP (or HTTPS) protocol stream. Because it understands the HTTP protocol relative to the web server/system it is trying to protect it can offer greater protection than less in-depth techniques such as filtering by IP address or port number alone, however this greater protection comes at the cost of increased computing on the web server.
Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is un-encrypted and immediately prior to it entering the Web presentation layer.
Monitoring dynamic behavior
At a basic level a PIDS would look for, and enforce, the correct use of the protocol.
At a more advanced level the PIDS can learn or be taught acceptable constructs of the protocol, and thus better detect anomalous behavior.
ee also
* Intrusion detection system (IDS)
* Network intrusion detection system (NIDS)
* Host-based intrusion detection system (HIDS)
* Application protocol-based intrusion detection system (APIDS)
* Tripwire (software) - a pioneering HIDS
* Trusted Computing Group
* Trusted platform module
Wikimedia Foundation.
2010.
Look at other dictionaries:
Application protocol-based intrusion detection system — An application protocol based intrusion detection system (APIDS) is an intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system. Overview An APIDS will… … Wikipedia
Intrusion detection system — An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.[1] Some systems may attempt to stop … Wikipedia
Network intrusion detection system — A Network Intrusion Detection System (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by Network Security Monitoring (NSM) of… … Wikipedia
Intrusion detection system evasion techniques — are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper [http://citeseer.ist.psu.edu/ptacek98insertion.html Insertion,… … Wikipedia
Intrusion prevention system — Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention… … Wikipedia
Intrusion-prevention system — An intrusion prevention system is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. Network based IPS, for example, will… … Wikipedia
Intrusion Prevention System — Als Intrusion Prevention Systeme (kurz: IPS) werden Intrusion Detection Systeme (kurz: IDS) bezeichnet, die über die reine Generierung von Ereignissen (Events) hinaus Funktionen bereitstellen, die einen entdeckten Angriff verhindern können.… … Deutsch Wikipedia
Система обнаружения вторжений — (СОВ) программное или аппаратное средство, предназначенное для выявления фактов неавторизованного доступа в компьютерную систему или сеть либо несанкционированного управления ими в основном через Интернет. Соответствующий английский… … Википедия
Сетевая система обнаружения вторжений — (англ. network intrusion detection system, NIDS) система обнаружения вторжений, которая отслеживает такие виды вредоносной деятельности, как DoS атаки, сканирование портов или даже попытки проникновения в сеть. Сетевая СОВ… … Википедия
Managed Trusted Internet Protocol Service — MTIPS architectural design, demonstrating the MTIPS transport and agency trusted domain Managed Trusted Internet Protocol Service (MTIPS) was developed by the US General Services Administration (GSA) to allow US Federal agencies to physically and … Wikipedia