The intrusion detection and prevention system (IDS) notifies you of attempts to hack into, disrupt, or deny service to the system. IDS also monitors for potential extrusions, where your system might be used as the source of the attack. These potential intrusions and extrusions are logged as intrusion monitor audit records in the security audit journal and displayed as intrusion events in the Intrusion Detection System graphical user interface (GUI). You can configure IDS to prevent intrusions and extrusions from occurring.
Intrusion detection involves gathering information about attacks arriving over the TCP/IP network. Intrusions encompass many undesirable activities, such as information theft and denial of service attacks. The objective of an intrusion might be to acquire information that a person is not authorized to have (information theft). The objective might be to cause a business harm by rendering a network, system, or application unusable (denial of service), or it might be to gain unauthorized use of a system as a means for further intrusions elsewhere. Most intrusions follow a pattern of information gathering, attempted access, and then destructive attacks. Some attacks can be detected and neutralized by the target system. Other attacks cannot be effectively neutralized by the target system. Most of the attacks also make use of spoofed packets, which are not easily traceable to their true origin. Many attacks make use of unwitting accomplices, which are machines or networks that are used without authorization to hide the identity of the attacker. For these reasons, a vital part of intrusion detection is gathering information, and detecting and preventing system attacks.
The IDS GUI allows you to configure and manage intrusion detection policies, and start and stop IDS. You no longer have to edit the IDS policy configuration file directly. You can use the IDS GUI to display the intrusion events that have been logged in the audit journal. Security administrators can analyze the audit records that IDS provides to secure the network from these types of attacks. In addition, you can use the IDS GUI to manage IDS on your IBM i systems.
IDS does not monitor for viruses, Trojan horse programs, or malicious e-mail attachments.