Intrusion detection

Intrusion detection involves gathering information about unauthorized access attempts and attacks coming in via the TCP/IP network. Your overall security policy will have a section devoted to intrusion detection.

The term intrusion detection is used in two ways in IBM i documentation. In the first sense, intrusion detection refers to the prevention and detection of security exposures. For example, a hacker might be trying to break into the system using an invalid user ID, or an inexperienced user with too much authority might be altering important objects in system libraries.

In the second sense, intrusion detection refers to the new intrusion detection function that uses policies to monitor suspicious traffic on the system. You can create an intrusion detection policy that audits suspicious intrusion events that come in through the TCP/IP network.