Intrusion detection terminology (part one)
Intrusion Detection Systems (IDS) are still in their infancy, but in terms of development they are evolving at an extraordinary rate. The terminology associated with IDS is evolving just as rapidly. As a result of IDS' rapid growth and the marketing prowess of some IDS vendors, some confusion has arisen about the correct meaning of key terms.
In some cases the same term may be used by different vendors to mean different things. This is the first of a two-part series that discusses IDS terminology, including terms on which there may be disagreement within the security community. Wherever possible, I have tried to include all definitions except where I consider usage of the term to be inaccurate or misleading.