The Office of Information Security (OIS) uses Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to help identify and prevent malicious activity on computers connected to a network. These tools focus on identifying possible incidents (such as personal data release), then log information about the incidents and attempt to stop them.
In today’s environment, where anti-virus software does not stop all threats and even legitimate Web browsing can lead to a compromise, utilizing IDS and IPS is an important part of securing the University’s IT infrastructure.
IDS/IPS Incident Focus
IDS/IPS incident focus includes:
- controllers of botnets, trojans, and rootkits (advanced viruses)
- providers of malware (e.g., malicious advertisements on legitimate websites)
- scans or exploits typically not blocked by firewalls
- adware or spyware that may leak information
- Denial of Service (DoS) attacks