User:Rkouere/sandbox/Systèmes de détection et de prévention des intrusions informatiques distribués

Distributed computer intrusion detection and prevention systems

= IDPS general =

https://fr.wikipedia.org/wiki/Projet:Informatique_2.0

== Introduction ==

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents.

Intrusion detection and prevention systems (IDPSs) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

Both are http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf

http://www.iosrjournals.org/iosr-jce/papers/Vol16-issue1/Version-1/H016114752.pdf

Security includes prevention, detection and response. Threat to an information resource is missing data

http://link.springer.com/chapter/10.1007/978-3-642-04117-4_9

IDPSs are primarily focused on identifying possible incidents.

An IDPS could detect when an attacker has successfully compromised a system by exploiting a vulnerability in that system. It could then log information on the activity and report the incident to security administrators so that they could initiate incident response actions to minimize damage.

Many IDPSs can also be configured to recognize violations of acceptable use policies and other security policies.

Additionally, many IDPSs can identify reconnaissance activity, which may indicate that an attack is imminent or that a certain system or system characteristic is of particular interest to attackers. Another use of IDPSs is to gain a better understanding of the threats that they detect, particularly the frequency and characteristics of attacks, so that appropriate security measures can be identified. Some IDPSs are also able to change their security profile when a new threat is detected.
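
Added example (not part of the original draft or of the cited sources): a minimal sketch of the detect, log and report cycle described above, applied to reconnaissance activity. The log format, the function names and the thresholds are assumptions made for illustration; here, one source probing many distinct ports of one host within a short window is treated as reconnaissance.

```python
from collections import defaultdict

# Constructed sample log, one event per line, sorted by time:
# epoch_seconds source_ip target_ip target_port firewall_action
SAMPLE_LOG = """\
1000 203.0.113.7 192.0.2.10 21 DENY
1001 203.0.113.7 192.0.2.10 22 DENY
1002 203.0.113.7 192.0.2.10 23 DENY
1003 198.51.100.4 192.0.2.10 443 ALLOW
1003 203.0.113.7 192.0.2.10 25 DENY
1004 203.0.113.7 192.0.2.10 80 ALLOW
1005 203.0.113.7 192.0.2.10 110 DENY
1050 198.51.100.4 192.0.2.10 443 ALLOW
1200 198.51.100.9 192.0.2.11 22 DENY
1900 198.51.100.9 192.0.2.11 3389 DENY
"""

def parse(log):
    """Yield (time, source, target, port) for each well-formed line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0].isdigit() and fields[3].isdigit():
            yield int(fields[0]), fields[1], fields[2], int(fields[3])

def detect_recon(log, window=60, min_ports=5):
    """Return one alert per (source, target) pair that reaches min_ports
    distinct target ports inside a sliding window of `window` seconds."""
    recent = defaultdict(list)  # (source, target) -> [(time, port), ...]
    alerted, alerts = set(), []
    for ts, src, dst, port in parse(log):
        key = (src, dst)
        # Drop events that fell out of the window, then record this one.
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        recent[key].append((ts, port))
        ports = sorted({p for _, p in recent[key]})
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)  # report each pair once, not on every event
            alerts.append({"time": ts, "source": src, "target": dst,
                           "ports": ports, "type": "reconnaissance"})
    return alerts

def alerts_per_source(alerts):
    """Frequency summary an administrator could use to prioritise response."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["source"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for alert in detect_recon(SAMPLE_LOG):
        print("ALERT", alert)
```

The window and port threshold trade detection of slow scans against false alerts on busy legitimate clients, so they need tuning to the monitored network.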