Protocol-based intrusion detection system: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:30, 19 July 2006 edit Reedy (talk \| contribs) Edit filter managers, Administrators 34,728 edits m Limited spellcheck + unicode + minor fixes using mboverload's RegExTypoFix, Replaced: anomolous => anomalous, using AWB ← Previous edit		Latest revision as of 12:38, 12 July 2024 edit undo Procyon117 (talk \| contribs) Extended confirmed users 17,627 edits Restore
(22 intermediate revisions by 16 users not shown)
Line 1: {{More sources needed\|date=July 2024}} A '''Protocol-based Intrusion Detection System (PIDS)''', is a special category of an [[Intrusion detection system\|Intrusion-Detection System]], and focuses its monitoring and analysis on the protocol or protocols in use by the computing system. A '''protocol-based intrusion detection system''' ('''PIDS''') is an [[intrusion detection system]] which is typically installed on a [[web server]], and is used in the monitoring and analysis of the [[Communications protocol\|protocol]] in use by the computing system. A PIDS will monitor the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit at the front end of a server, monitoring and analyzing the communication between a connected device and the system it is protecting. A typical use for a PIDS would be at the front end of a web server monitoring the [[HTTP]] (or [[HTTPS]]) stream.<ref>{{Cite web \|date=2023-04-19 \|title=What is an Intrusion Detection System (IDS)? {{!}} IBM \|url=https://www.ibm.com/topics/intrusion-detection-system \|access-date=2024-07-09 \|website=www.ibm.com \|language=en-us}}</ref> Because it understands the HTTP relative to the web server/system it is trying to protect it can offer greater protection than less in-depth techniques such as filtering by [[IP address]] or [[port number]] alone, however this greater protection comes at the cost of increased computing on the web server. ~~== Overview ==~~ ~~A PIDS will monitor the dynamic behavior and state of the protocol and will typically consists of a system or agent~~ ~~that would typically sit at the front end of a server, monitoring and analysing the communication protocol between a connected device (a user/PC or system) and the system it is protecting.~~ Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is [[Cryptography\|un-encrypted]] and immediately prior to it entering the Web [[presentation layer]].▼ A typical place for a PIDS would at the front end of a web server monitoring the HTTP (or HTTPS) protocol stream and would understand the HTTP protocol relative to the web server/system it is trying to protect. === Monitoring dynamic behavior ===▼ ▲Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is un-encrypted and immediately prior to it entering the Web presentation layer. AsAt a basic level a PIDS would look for, and enforce, the correct ~~(legal)~~ use of the protocol. ▼ At a more advanced level the PIDS can learn or be taught acceptable ~~constricts~~constructs of the protocol, and thus better detect anomalous ~~behaviour~~behavior.▼ ▲=== Monitoring dynamic behavior === ▲As a basic level PIDS would look for, and enforce the correct (legal) use of the protocol. ▲At a more advanced level the PIDS can learn or be taught acceptable constricts of the protocol, and thus better detect anomalous behaviour. ==See also== * [[~~Intrusion~~Application protocol-based intrusion detection system]] (APIDS) * [[~~network~~Host-based intrusion detection system~~\|Network Intrusion Detection System~~]] (HIDS) * [[~~Host-based intrusion~~Intrusion detection system]] (IDS) * [[Network intrusion detection system]] (NIDS) * [[Application Protocol-based Intrusion Detection System]] ▼ * [[Tripwire (software)]] -– a pioneering HIDS * [[Trusted Computing Group]] * [[Trusted platform module]] ==References== [[Category:Security software]]▼ {{Reflist}} ~~[[Category:System administration]]~~ ▲* [[Application {{DEFAULTSORT:Protocol-~~based~~Based Intrusion Detection System]] }} [[Category:Intrusion detection systems]] ▲[[Category:~~Security~~Web server management software]] [[es:PIDS]]