ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaub_5.4.0.1/rzaubkickoff.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Intrusion detection" />
<meta name="abstract" content="Intrusion detection involves gathering information about unauthorized access attempts and attacks coming in over the TCP/IP network. Security administrators can analyze the auditing records that intrusion detection provides to secure the iSeries network from these types of attacks." />
<meta name="description" content="Intrusion detection involves gathering information about unauthorized access attempts and attacks coming in over the TCP/IP network. Security administrators can analyze the auditing records that intrusion detection provides to secure the iSeries network from these types of attacks." />
<meta name="DC.Relation" scheme="URI" content="rzaubwhatnew.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubprintthis.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubterms.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubsetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubmanage.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubaudit.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubanalyze.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaubrelated.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaubkickoff" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Intrusion detection</title>
</head>
<body id="rzaubkickoff"><a name="rzaubkickoff"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Intrusion detection</h1>
<div><p>Intrusion detection involves gathering information about unauthorized
access attempts and attacks coming in over the TCP/IP network. Security administrators
can analyze the auditing records that intrusion detection provides to secure
the iSeries™ network
from these types of attacks. </p>
<p id="rzaubkickoff__ids1"><a name="rzaubkickoff__ids1"><!-- --></a>Intrusion encompasses many undesirable activities such as information
theft and denial of service attacks. The objective of an intrusion may be
to acquire information that a person is not authorized to have (information
theft). The objective may be to cause a business harm by rendering a network,
system, or application unusable (denial of service), or it may be to gain
unauthorized use of a system as a means for further intrusions elsewhere.
Most intrusions follow a pattern of information gathering, attempted access,
and then destructive attacks. Some attacks can be detected and neutralized
by the target system. Other attacks cannot be effectively neutralized by the
target system. Most of the attacks also make use of <dfn class="term">spoofed</dfn> packets,
which are not easily traceable to their true origin. Many attacks make use
of unwitting accomplices, which are machines or networks that are used without
authorization to hide the identity of the attacker. For these reasons, a vital
part of intrusion detection is gathering information and detecting both access
attempts and attack behaviors.</p>
<div class="p" id="rzaubkickoff__ids2"><a name="rzaubkickoff__ids2"><!-- --></a>You can create an intrusion detection policy that audits suspicious
intrusion events that come in through the TCP/IP network. Examples of problems
that the intrusion detection function looks for include:<ul><li>Denial of service attacks</li>
<li>Port scans</li>
<li>Malformed packets</li>
<li>Internet protocol (IP) fragments</li>
<li>Restricted IP options and protocols</li>
<li>Internet Control Message Protocol (ICMP) redirect messages</li>
<li>Perpetual echo attacks on User Datagram Protocol (UDP) port 7 (the echo
port)</li>
</ul>
</div>
<p>You can also write an application that analyzes the auditing data and reports
to the security administrator when TCP/IP intrusions are likely to be underway.</p>
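<p>The following Python program is an added example of such an analysis application; it is not IBM code and is not part of the original topic. It reads intrusion events of the classes listed above (port scans, perpetual echo on UDP port 7, ICMP redirects, malformed packets and fragments), correlates them per remote address, and formats a report for the administrator. The line format, the field names, the event kind labels and the thresholds are assumptions made for this example, not the layout of the IM audit record; the sample lines are constructed and use RFC 5737 documentation addresses. A production version would read the IM audit records described in the auditing and analysis topics.</p>

```python
"""Added example (not IBM code): correlate IDS audit events into findings.

The event line format, field names, event kinds and thresholds below are
assumptions for this example; they are not the i5/OS IM audit record layout.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class IdsEvent:
    """One suspicious-traffic event, as an IDS would audit it (assumed fields)."""
    time: datetime
    kind: str          # SCAN, ECHO, ICMP_REDIRECT, MALFORMED, FRAGMENT ...
    proto: str         # TCP, UDP, ICMP or IP
    remote_addr: str
    remote_port: int
    local_port: int


@dataclass(frozen=True)
class Finding:
    kind: str
    source: str
    detail: str


# Constructed sample audit data (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
2006-03-01T10:00:01 SCAN TCP 198.51.100.7 40001 21
2006-03-01T10:00:02 SCAN TCP 198.51.100.7 40002 22
2006-03-01T10:00:03 SCAN TCP 198.51.100.7 40003 23
2006-03-01T10:00:04 SCAN TCP 198.51.100.7 40004 25
2006-03-01T10:00:05 SCAN TCP 198.51.100.7 40005 80
2006-03-01T10:00:20 SCAN TCP 198.51.100.7 40006 443
2006-03-01T10:01:00 ECHO UDP 203.0.113.9 7 7
2006-03-01T10:02:00 ICMP_REDIRECT ICMP 192.0.2.44 0 0
2006-03-01T10:02:01 ICMP_REDIRECT ICMP 192.0.2.44 0 0
2006-03-01T10:02:02 ICMP_REDIRECT ICMP 192.0.2.44 0 0
2006-03-01T10:03:00 SCAN TCP 192.0.2.44 5000 22
2006-03-01T10:04:00 FRAGMENT IP 192.0.2.99 0 0
"""

# Thresholds are assumptions; tune them to the traffic profile of your own network.
SCAN_WINDOW = timedelta(seconds=60)   # sliding window for counting probed ports
SCAN_PORTS = 5                        # distinct local ports from one source in the window
REDIRECT_LIMIT = 3                    # ICMP redirects from one source before reporting


def load_events(text: str) -> List[IdsEvent]:
    """Parse constructed lines: '<ISO time> <kind> <proto> <remote addr> <remote port> <local port>'."""
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, kind, proto, raddr, rport, lport = line.split()
        events.append(IdsEvent(datetime.fromisoformat(ts), kind, proto, raddr, int(rport), int(lport)))
    return events


def analyze(events: List[IdsEvent]) -> List[Finding]:
    """Group events by remote address and apply one rule per attack class listed on the page."""
    by_source: Dict[str, List[IdsEvent]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.time):
        by_source[ev.remote_addr].append(ev)

    findings: List[Finding] = []
    for src, evs in by_source.items():
        # Port scan: many distinct local ports probed by one source within SCAN_WINDOW.
        scans = [e for e in evs if e.kind == "SCAN"]
        for i, first in enumerate(scans):
            ports = {e.local_port for e in scans[i:] if e.time - first.time <= SCAN_WINDOW}
            if len(ports) >= SCAN_PORTS:
                findings.append(Finding("PORT_SCAN", src,
                                        f"{len(ports)} distinct ports within {SCAN_WINDOW.seconds}s"))
                break
        # Perpetual echo: a UDP datagram from port 7 to port 7 makes two echo services
        # bounce the same payload back and forth indefinitely; one packet is enough to report.
        if any(e.proto == "UDP" and e.remote_port == 7 and e.local_port == 7 for e in evs):
            findings.append(Finding("PERPETUAL_ECHO", src, "UDP echo port 7 to echo port 7"))
        # ICMP redirects: a burst from one source suggests an attempt to reroute traffic.
        redirects = [e for e in evs if e.kind == "ICMP_REDIRECT"]
        if len(redirects) >= REDIRECT_LIMIT:
            findings.append(Finding("ICMP_REDIRECT_BURST", src, f"{len(redirects)} redirect messages"))
        # Malformed packets and IP fragments: a single occurrence is already worth reporting.
        bad = [e for e in evs if e.kind in ("MALFORMED", "FRAGMENT")]
        if bad:
            findings.append(Finding("BAD_PACKET", src, f"{len(bad)} malformed or fragment events"))
    return findings


def report(findings: List[Finding]) -> str:
    """Format the findings as the text an alerting program would send to the administrator."""
    if not findings:
        return "No TCP/IP intrusion activity detected."
    lines = [f"{len(findings)} probable intrusion(s) detected:"]
    for f in findings:
        lines.append(f"  {f.kind:<20} source={f.source:<15} {f.detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyze(load_events(SAMPLE_LOG))))
```

<p>Correlation per source is the point: the IDS may audit one record per probed port, and the administrator wants one alert naming the scanning host, not dozens of records. Because the page notes that attackers spoof source addresses, the remote address in a finding identifies where packets claim to come from, not necessarily the attacker.</p>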
<div class="important" id="rzaubkickoff__ids3"><a name="rzaubkickoff__ids3"><!-- --></a><span class="importanttitle">Important:</span> The term <dfn class="term">intrusion detection</dfn> is
used in two ways in the iSeries documentation. In the first sense, intrusion
detection refers to the prevention and detection of security exposures. For
example, a hacker might be trying to break into the system using an invalid
user ID, or an inexperienced user with too much authority might be altering
important objects in system libraries. In the second sense, intrusion detection
refers to the new intrusion detection function that uses policies to monitor
suspicious traffic on the system.</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaubwhatnew.htm">What's new for V5R4</a></strong><br />
The entire intrusion detection topic is new in V5R4.</li>
<li class="ulchildlink"><strong><a href="rzaubprintthis.htm">Printable PDF</a></strong><br />
Use this to view and print a PDF of this information.</li>
<li class="ulchildlink"><strong><a href="rzaubconcepts.htm">Concepts</a></strong><br />
This topic describes how the intrusion detection system works.</li>
<li class="ulchildlink"><strong><a href="rzaubterms.htm">Terminology</a></strong><br />
This topic defines intrusion detection terms.</li>
<li class="ulchildlink"><strong><a href="rzaubsetup.htm">Set up a new intrusion detection policy</a></strong><br />
Learn how to set up an intrusion detection policy for the first time.</li>
<li class="ulchildlink"><strong><a href="rzaubmanage.htm">Manage the intrusion detection policy file</a></strong><br />
You can configure an intrusion detection program to send e-mail to a system administrator to alert them to suspicious events and provide suggestions as to what action to take.</li>
<li class="ulchildlink"><strong><a href="rzaubaudit.htm">Audit intrusion detection activities</a></strong><br />
Learn how to audit intrusion detection activities. If the intrusion detection system (IDS) flags a suspicious event, it writes an IM audit record.</li>
<li class="ulchildlink"><strong><a href="rzaubanalyze.htm">Analyze the auditing data</a></strong><br />
Learn how to analyze the auditing data for intrusion detection activities, and obtain reference information about the fields in the IM audit record.</li>
<li class="ulchildlink"><strong><a href="rzaubrelated.htm">Related information for intrusion detection</a></strong><br />
Listed here are the product manuals and IBM<sup>®</sup> Redbooks™ (in PDF format), Web sites,
and information center topics that relate to the intrusion detection topic.
You can view or print any of the PDFs.</li>
</ul>
</div>
</body>
</html>