
Tuesday 8 May 2012

IPS/IDS Terminology

You should be aware of the many security terms that are related to intrusion detection and prevention technologies.


Vulnerability :-
A vulnerability is a weakness in a system on your network that an attacker can use to compromise the security or the functionality of that system.
An example of a vulnerability is a web form on your public website that does not adequately validate its inputs or guard against improper data entry. An attacker
might submit crafted characters (a quote followed by SQL keywords, for instance) in an attempt to alter the queries sent to the underlying database or corrupt its contents.


Exploit :-
An exploit is a mechanism (a program, a script, or a manual technique) designed to take advantage of a vulnerability that exists in your systems. For example, if weak passwords are in use on your network, a password-cracking package might be the exploit aimed at that vulnerability.


Signature :-
A signature is a set of instructions, typically a pattern or rule, that the sensor uses to identify an unwanted type of traffic. A signature is usually written to watch network traffic for evidence that a particular vulnerability is being targeted or a particular exploit is being used.


False Alarms :-
False alarms are IDS/IPS outcomes you do not want in your deployment: the sensor's verdict disagrees with what the traffic actually was. The two types of false alarms are false positives and false negatives. Both are undesirable.


False Positive
A false positive means that an alert was triggered, but the traffic that triggered it does not constitute an actual attack. This type of traffic is often called benign traffic. On an inline IPS a false positive is more than noise, because the device may drop legitimate traffic.


False Negative
A false negative occurs when genuine attack traffic passes through the IDS/IPS device without triggering an alert. This is often viewed as the worst type of false alarm, because the attack proceeds and nobody is told; the miss is usually discovered only later, from its consequences. Attackers try to cause false negatives deliberately, for example by encoding or obfuscating a payload so that it no longer matches a signature.


True Alarms :-
The two types of true alarms in IDS/IPS terminology are true positive and true negative. Both are desirable.


True Positive
A true positive means that the IDS/IPS device recognized an actual attack and responded to it (raised an alert, and on an IPS, blocked the traffic).


True Negative
A true negative means that non-offending, benign traffic did not trigger an alarm. This is the expected outcome for the bulk of the traffic a sensor sees.
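The four outcomes above are easiest to understand when you actually score a signature set against traffic whose nature you already know. The following Python program is an added example written for this page; it is not code from the original post or from any IDS product. It defines two tiny signature sets as regular expressions (a naive one that treats every single quote as SQL injection, and a tuned one that matches the structure of an injection and URL-decodes the request first), runs them over a constructed, hand-labelled set of HTTP request lines, and counts true positives, false positives, false negatives and true negatives. The request lines, the signature names and the regex patterns are all illustrative assumptions, not real captures or production rules.

```python
import re
from urllib.parse import unquote

# Constructed sample traffic (not real captures): each entry is a request line
# and a ground-truth label, True when the request is a genuine attack.
SAMPLE_REQUESTS = [
    ("GET /search?q=laptops", False),
    ("GET /search?q=' OR '1'='1", True),
    ("POST /login user=bob&pass=hunter2", False),
    ("GET /items?id=1; DROP TABLE users--", True),
    ("GET /search?q=O'Reilly books", False),          # benign apostrophe
    ("GET /items?id=1 UNION SELECT 1,2,3", True),
    ("GET /search?q=%27%20OR%201%3D1", True),           # URL-encoded ' OR 1=1
    ("GET /items?id=1 UNION/**/SELECT 1,2", True),      # comment-obfuscated UNION
]

# A signature here is (name, compiled regex). Illustrative patterns only.
# Naive set: any single quote counts as SQL injection, which is exactly the
# kind of rule that produces false positives on benign traffic.
NAIVE_SIGNATURES = [
    ("sqli-any-single-quote", re.compile(r"'")),
    ("sqli-union-select", re.compile(r"\bUNION\s+SELECT\b", re.IGNORECASE)),
]

# Tuned set: match the shape of the injection rather than a single character.
TUNED_SIGNATURES = [
    ("sqli-tautology", re.compile(r"'\s*(?:or|and)\s+'?\w+'?\s*=", re.IGNORECASE)),
    ("sqli-union-select", re.compile(r"\bUNION\s+SELECT\b", re.IGNORECASE)),
    ("sqli-stacked-drop", re.compile(r";\s*DROP\s+TABLE\b", re.IGNORECASE)),
]


def normalize(request: str, decode: bool) -> str:
    """A sensor that does not URL-decode can be evaded by encoding the payload."""
    return unquote(request) if decode else request


def matches(request: str, signatures, decode: bool) -> list:
    """Return the names of every signature that fires on this request."""
    text = normalize(request, decode)
    return [name for name, pattern in signatures if pattern.search(text)]


def classify(alerted: bool, is_attack: bool) -> str:
    """Map the sensor's verdict and the ground truth onto the four outcomes."""
    if alerted and is_attack:
        return "TP"   # attack, alert raised
    if alerted and not is_attack:
        return "FP"   # benign traffic, alert raised anyway
    if not alerted and is_attack:
        return "FN"   # attack slipped through silently
    return "TN"       # benign traffic, no alert


def confusion_matrix(samples, signatures, decode: bool) -> dict:
    """Score a signature set against labelled samples and count each outcome."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for request, is_attack in samples:
        alerted = bool(matches(request, signatures, decode))
        counts[classify(alerted, is_attack)] += 1
    return counts


def rates(counts: dict) -> tuple:
    """Detection rate (share of attacks caught) and false-positive rate
    (share of benign requests that raised an alert), rounded to 3 places."""
    detection = counts["TP"] / (counts["TP"] + counts["FN"])
    fp_rate = counts["FP"] / (counts["FP"] + counts["TN"])
    return round(detection, 3), round(fp_rate, 3)


if __name__ == "__main__":
    for label, sigs, decode in (("naive", NAIVE_SIGNATURES, False),
                                ("tuned", TUNED_SIGNATURES, True)):
        cm = confusion_matrix(SAMPLE_REQUESTS, sigs, decode)
        print(label, cm, "detection/fp rate:", rates(cm))
        for request, is_attack in SAMPLE_REQUESTS:
            fired = matches(request, sigs, decode)
            print("  ", classify(bool(fired), is_attack), request, fired)
```

Running it shows the trade-off the definitions describe: the naive set raises a false positive on the benign O'Reilly query and misses the encoded, stacked and comment-obfuscated payloads, while the tuned set removes the false positive and catches the encoded payload but still records a false negative on UNION/**/SELECT, because no signature anticipated that evasion. Scoring a signature set against a labelled corpus like this is how a practitioner measures whether a tuning change actually helped.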
