Latest revision | Your text | ||
Line 9: | Line 9: | ||
== Overview == |
== Overview == |
||
β | {{Quote|Intrusion detection systems detect inappropriate, incorrect, or anomalous activity on a network or computer system. Intrusion prevention systems build on intrusion detection systems to detect attacks on a network and take action to prevent them from being successful. Security event correlation tools monitor and document actions on network devices and analyze the actions to determine if an attack is ongoing or has occurred.<ref>[[Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats]], at 22 n.20.</ref>}} |
+ | {{Quote|Intrusion detection systems detect inappropriate, incorrect, or anomalous activity on a network or computer system. Intrusion prevention systems build on intrusion detection systems to detect attacks on a network and take action to prevent them from being successful. Security event correlation tools monitor and document actions on network devices and analyze the actions to determine if an attack is ongoing or has occurred. Computer forensic tools identify, preserve, extract, and document computer-based evidence.<ref>[[Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats]], at 22 n.20.</ref>}} |
An IDS collects [[information]] on a [[network]], analyzes the [[information]] on the basis of a preconfigured rule set, and then responds to the analysis. IDS ensure that unusual activity such as new open [[port]]s, unusual [[traffic]] patterns, or changes to critical [[operating system]] [[file]]s is brought to the attention of the appropriate [[security]] personnel. |
An IDS collects [[information]] on a [[network]], analyzes the [[information]] on the basis of a preconfigured rule set, and then responds to the analysis. IDS ensure that unusual activity such as new open [[port]]s, unusual [[traffic]] patterns, or changes to critical [[operating system]] [[file]]s is brought to the attention of the appropriate [[security]] personnel. |
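Review bot: The sentence added at the end of the quotation on the + line, "Computer forensic tools identify, preserve, extract, and document computer-based evidence.", sits inside {{Quote}} ahead of the <ref>, so it is presented as the cited report's wording at 22 n.20. Check it against that footnote before publishing, since the other revision ends the same quotation one sentence earlier under the same citation. The sentence also describes forensic tools rather than intrusion detection, which is the subject of the Overview paragraph that follows, so even if it is in the source, consider whether the shorter quotation is the better fit for this section.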