Intrusion detection concepts

An intrusion detection policy defines the parameters that the Intrusion Detection System (IDS) uses to monitor for potential intrusions and extrusions on the system. If a potential intrusion or extrusion is detected, an intrusion event is logged in an intrusion monitor record in the security audit journal.

Before IDS can monitor for potential intrusions, you need to use the Intrusion Detection System GUI to create a set of intrusion detection policies that cover various types of intrusions. Once the intrusion detection policies have been created and IDS has been started, the TCP/IP stack detects potential intrusions and extrusions based on those policies.

You can create any of the following:
  • A set of default intrusion detection policies that monitor the entire system. Your default policies include attack, scan, and traffic regulation policies.
  • Attack policies.
  • Scan policies.
  • Traffic regulation policies.

Use the Intrusion Detection Events page to display the intrusion events that have been logged on the system and to view details about each event.