<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Terminology" />
<meta name="abstract" content="This topic defines intrusion detection terms." />
<meta name="description" content="This topic defines intrusion detection terms." />
<meta name="DC.Relation" scheme="URI" content="rzaubkickoff.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaubterms" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Terminology</title>
</head>
<body id="rzaubterms"><a name="rzaubterms"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Terminology</h1>
<div><p>This topic defines intrusion detection terms.</p>
<div class="section"><dl><dt class="dlterm">denial-of-service (DOS) attack</dt>
<dd>In computer security, an assault on a network that brings down one or
more hosts on a network such that the host is unable to perform its functions
properly. Network service is interrupted for some period.</dd>
<dt class="dlterm">Internet Control Message Protocol (ICMP)</dt>
<dd>An Internet protocol that is used by a gateway to communicate with a source
host, for example, to report an error in a datagram.</dd>
<dt class="dlterm">ICMP scan</dt>
<dd>An attack that tries to use ICMP to overload the system. This is typically
a denial-of-service attack.</dd>
<dt class="dlterm">intrusion detection</dt>
<dd>A broad term encompassing the detection of many undesirable
activities. The objective of an intrusion might be to acquire information
that a person is not authorized to have (information theft). The objective
might be to cause a business harm by rendering a network, system, or application
unusable (denial of service), or it might be to gain unauthorized use of a
system as a means for further intrusions elsewhere. Most intrusions follow
a pattern of information gathering, attempted access, and then destructive
attacks. Some attacks can be detected and neutralized by the target system.
Other attacks cannot be effectively neutralized by the target system. Most
of the attacks also make use of "spoofed" packets, which are not easily traceable
to their true origin. Many attacks now make use of unwitting accomplices,
which are machines or networks that are used without authorization to hide
the identity of the attacker. For these reasons, detecting information gathering,
access attempts, and attack behaviors are vital parts of intrusion detection.</dd>
<dt class="dlterm">port scan</dt>
<dd>An attack that attempts to connect to unused ports looking for a way to
break into the system.</dd>
<dt class="dlterm">Quality of Service (QoS)</dt>
<dd>Any operation that allows traffic priorities to be designated. Through
QoS, different traffic throughout a network can be classified and administered.</dd>
<dt class="dlterm">traffic regulation (TR)</dt>
<dd>Used for intrusion detection policies that specify the data/connection
rate thresholds.</dd>
<dt class="dlterm">User Datagram Protocol (UDP)</dt>
<dd>An Internet protocol that provides unreliable, connectionless datagram
service. It enables an application program on one machine or process to send
a datagram to an application program on another machine or process.</dd>
</dl>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaubkickoff.htm" title="Intrusion detection involves gathering information about unauthorized access attempts and attacks coming in over the TCP/IP network. Security administrators can analyze the auditing records that intrusion detection provides to secure the iSeries network from these types of attacks.">Intrusion detection</a></div>
</div>
</div>
</body>
</html>