IBM i5/OS Intrusion Detection System

An IBM Redpaper publication

Published 08 January 2007

IBM Form #: REDP-4226-00
(22 pages)

Authors: Yessong Johng, Jim Coon, Craig Jacquez

Abstract

The Intrusion Detection System (IDS), introduced in IBM i5/OS, is a system that notifies you of attempts to hack into, disrupt, or deny service to the system. Prior to IDS, the i5/OS took some protective measures against the types of intrusions described here. However, with the new IDS support, the i5/OS system can now tell you about the intrusions.
This IBM Redpaper describes the following types of intrusions on the i5/OS system that are caught, audited, and, in many cases, discarded—before they become a threat:
- Attacks
  - IP fragments
  - Malformed packets
  - SYN floods
  - Internet Control Message Protocol (ICMP) redirect messages
  - Perpetual echo
  - Restricted IP options
  - Restricted IP protocols
- Scans
- Traffic regulation anomalies for TCP and UDP

Table of contents

Intrusion types
Setup for IDS notification on i5/OS
IDS policy file
Intrusion Monitor (IM) entries
Verifying IDS policy implementation
