Protocol-based intrusion detection system: Difference between revisions

removed unnecessary heading -needs expanding
wikified (removed tag) and copyedited
A '''protocol-based intrusion detection system (PIDS)''' is an [[intrusion detection system]] which is typically installed on a (computer) [[web server]], and is used in the monitoring and analysis of the [[Communications protocol|protocol]] in use by the computing system. A PIDS will monitor the dynamic behavior and state of the protocol and will typically consist of a system or agent that sits at the front end of a server, monitoring and analyzing the communication between a connected device and the system it is protecting.
 
A typical use for a PIDS would be at the front end of a web server monitoring the [[HTTP]] (or [[HTTPS]]) protocol stream. Because it understands the HTTP protocol relative to the web server/system it is trying to protect, it can offer greater protection than less in-depth techniques such as filtering by [[IP address]] or [[port number]] alone; however, this greater protection comes at the cost of increased computing on the web server.
 
Where HTTPS is in use, this system would need to reside in the "shim" or interface between the point where HTTPS is [[Cryptography|decrypted]] and the point immediately prior to its entering the Web [[presentation layer]].
 
=== Monitoring dynamic behavior ===
At a basic level a PIDS would look for, and enforce, the correct (legal) use of the protocol.
 
At a more advanced level the PIDS can learn or be taught acceptable constructs of the protocol, and thus better detect anomalous behavior.
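
The two levels described in this section, sketched for HTTP/1.x as an added example that is not part of the original article: a legality check on the request head, then a profile of acceptable constructs learned from known-good traffic. The function names, the particular checks, the definition of a "construct" and the sample requests are all assumptions of this example.

```python
import re
LEGAL_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(1\.[01])$")

def parse(raw):
    """Return (method, target, version, headers) for a request head, or None if malformed."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            return None  # no colon, empty name, or whitespace around the name
        headers.setdefault(name.lower(), []).append(value.strip())
    return m.group(1), m.group(2), m.group(3), headers

def protocol_violations(raw):
    """Basic level: legal use of HTTP/1.x (a small set of checks picked for this example)."""
    parsed = parse(raw)
    if parsed is None:
        return ["malformed request line or header"]
    method, _, version, headers = parsed
    issues = []
    if method not in LEGAL_METHODS:
        issues.append("unknown method")
    if version == "1.1" and len(headers.get("host", [])) != 1:
        issues.append("HTTP/1.1 requires exactly one Host header")
    return issues

def shape(method, target):
    """A 'construct': method, path with digit runs collapsed, sorted query parameter names."""
    path, _, query = target.partition("?")
    names = tuple(sorted(p.split("=", 1)[0] for p in query.split("&") if p))
    return method, re.sub(r"\d+", "N", path), names

def learn(samples):  # advanced level: acceptable constructs seen in known-good traffic
    return {shape(*parse(r)[:2]) for r in samples if protocol_violations(r) == []}

def inspect(raw, profile):
    issues = protocol_violations(raw)
    if not issues and shape(*parse(raw)[:2]) not in profile:
        issues.append("construct not seen in training traffic")
    return issues
# Constructed training traffic (not captured from any real system).
PROFILE = learn([
    "GET /items/17?page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "POST /login HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 10\r\n\r\nuser=alice",
])
```

A request that is legal HTTP but carries an unfamiliar parameter is reported only by the learned profile, which is the gap between the basic and the advanced level.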
 
==See also==