Intrusion
detection (ID) is a type of security management system for computers and
networks.
An
ID system gathers and analyzes information from various areas within a computer
or a network to identify possible security breaches, which include both
intrusions (attacks from outside the organization) and misuse (attacks from
within the organization).
ID
uses vulnerability assessment (sometimes refered to as scanning),
which is a technology developed to assess the security of a computer system or
network.
Intrusion
detection functions include:
Monitoring
and analyzing both user and system activities
Analyzing
system configurations and vulnerabilities
Assessing
system and file integrity
Ability
to recognize patterns typical of attacks
Analysis
of abnormal activity patterns
Tracking
user policy violations