Definition of intrusion detection

Juslin Jukka Jukka.Juslin at cern.ch
Thu Jul 25 00:30:39 PDT 2002


Dear all,

Since Bro is one of the intrusion detection systems, I decided to
ask whether there is a commonly accepted definition of what an
intrusion detection system is.

Obviously, intrusion detection covers detecting backdoors, which are
accessed with ssh, for example. But then, some "intrusion detection"
systems have things like "porn filters" looking for traffic *to* porn
sites, etc., and I am not sure if this is intrusion detection anymore.

Moving away from simple backdoor detection, for example, I think
intrusion detection becomes more of a political activity. It would
be nice to have a definition of what intrusion detection really includes
and what it does not, because now many people seem to have their own
definitions of intrusion detection and IDS.

Jukka 

--
Email: Jukka.Juslin at cern.ch [M.Sc. (CS)]
Web: http://www.cs.hut.fi/~jtjuslin/
Office: 31-R-012 (Box G23010) CERN IT-IS, CH-1211 Geneva 23 SWITZERLAND 
Home: 4 Rue du Midi (et. 13), 1201 Geneva SWITZERLAND
Tel. +41 22 767 1826 (work) +33 6111 93328 (gsm) +41 22 7332377 (home)




