Definitions
General
Intrusion
- means an unwelcome entry into an area by force or without permission.
- "consists of invasive acts that disturb or interrupt one's life or activities."[1]
Information system
An intrusion is "unauthorized access to, and/or activity in, an information system."[2]
Intrusion is "[a]n unauthorized act of bypassing the security mechanisms of a network or information system."[3]
Network security
An intrusion (also referred to as a network intrusion) is an "unauthorized act of bypassing the security mechanisms of a system."[4]
Telecommunications
Intrusion is "[a] communications jamming technique to confuse operators and data processing equipment. It involves the transmission of false messages on victim communication channels."[5]
Overview (Network security)
An intrusion may involve unauthorized access or access in excess of a user's privileges on a network. An intrusion is usually accomplished by taking advantage of a system that is not properly configured, a known vulnerability that was not patched, or a weak security implementation, such as a blank or easily guessed password.
"Although insiders have authorized access, they may engage in unauthorized activities, which are considered intrusions. . . . For example, network management technicians have authorized access to routing tables, and they are authorized to engage in defined activities, such as rerouting traffic around congested nodes. However, they are not authorized to alter routing tables to cause congestion nor are they authorized to delete routing tables, and such acts would be considered intrusions."[6]
Once access to the network has been gained, the intruder(s) can exploit the system in various ways. Some examples include:
- Intelligence gathering
- Determining user accounts and passwords
- Network mapping
- Creating additional accounts or access paths (backdoors) for later use
- Escalating user privileges
- Using sniffer software to monitor network traffic
- Using network resources to store and/or share files
- Gaining access to proprietary or confidential data
- Theft or destruction of data, and
- Using resources to identify and exploit other vulnerable systems.
References
- [1] Privacy Considerations for Internet Protocols, at 14.
- [2] Report on the NS/EP Implications of Intrusion Detection Technology Research and Development, at 6.
- [3] NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology.
- [4] CNSSI 4009.
- [5] Consolidated List of Glossary Terms.
- [6] Protecting Systems Task Force Report on Enhancing the Nation's Network Security Efforts, at 4-5 (emphasis in original).
See also
- Active Network Intrusion Defense
- Computer intrusion
- Computer intrusion detection
- Computer Intrusion Squad
- Cyber intrusion
- Electromagnetic intrusion
- Electronic intrusion
- The Electronic Intrusion Threat to National Security and Emergency Preparedness Telecommunications: An Awareness Document
- FBI Computer Intrusion Section
- FBI's Ability to Address the National Security Cyber Intrusion Threat
- Host Intrusion Detection System
- Host intrusion prevention
- Host-based intrusion detection and prevention system
- Intrusion detection
- Intrusion Detection and Prevention System
- Intrusion detection system
- Intrusion detector
- Intrusion prevention
- Intrusion prevention system
- Intrusion upon seclusion
- National security intrusion
- Network Intrusion Detection System
- Report on the NS/EP Implications of Intrusion Detection Technology Research and Development
- Telecommunications Outage and Intrusion Information Sharing Report
- Voice intrusion prevention system