When you are having a quiet nap in your backyard and your neighbor's dog comes in uninvited and jumps all over you to wake you up, this is an example of an intrusion.
- the act of intruding
- Law the illegal entering upon another's property without right to possession
- Law invasion of privacy
- the invasion, as of liquid magma, into or between solid rock
- the body of rock resulting from such invasion
Origin of intrusion
Middle English from Old French from Medieval Latin intrusio from Classical Latin intrusus: see intrusive
- The act of intruding or the condition of being intruded on.
- An inappropriate or unwelcome addition.
- Geology a. The forcing of molten rock into an earlier formation. b. The rock mass produced by an intrusive process.
From Old French intrusion, from Medieval Latin intrusio
intrusion - Computer Definition
To compromise a computer system by breaking the security of such a system or causing it to enter into an insecure state. The act of intruding—or gaining unauthorized access to a system—typically leaves traces that can be discovered by intrusion detection systems. One of the goals of intruders is to remain undetected for as long as possible so that they can continue with their malicious activity undisturbed.
Security professionals need to take steps when a system breach is suspected. First, suspicious accounts should be disabled immediately. Then, the suspicious accounts need to be reviewed to assess who set up the account and for what reasons. Because audit logs will indicate who created the account, finding the time and date on which the account was created will be very useful information. If the account is the outcome of a crack attack, the system reviewer will have a particular time frame in which to determine whether other audit log events are “of interest.”
If the reviewer wants to determine whether a suspicious application is indeed being used by a cracker to listen for incoming connections—a potential “back door” into the system—the reviewer is well advised to consider using a tool such as TCPView. The TCPView tool will tell the system reviewer what applications are using open system ports. Because crackers can put Trojan horses in place of the netstat and lsof programs, the reviewer should scan the attacked system from a different computer. This feat can be accomplished by using a service such as the free insecure.org nmap port scanner.
Malware can also be triggered from the operating system’s job scheduler. A system reviewer can see what jobs—legitimate or otherwise—are scheduled to be executed in the system by typing AT at the command prompt.
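The cross-check described above, comparing what the suspect host reports about its own listeners with what a scan from a different computer sees, as an added example that is not part of the original entry. The `netstat -ano` and nmap grepable (`-oG`) outputs are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample: `netstat -ano` output captured ON the suspect host.
# A Trojaned netstat may omit listeners from this view.
LOCAL_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2112
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     3020
"""

# Constructed sample: nmap grepable output from a DIFFERENT, trusted computer.
REMOTE_NMAP = (
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, "
    "445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///, "
    "31337/open/tcp//unknown///\n"
)

def local_listeners(netstat_text):
    """Return {port: bind_address} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, _, port = fields[1].rpartition(":")  # also handles [::]:135
            listeners[int(port)] = addr
    return listeners

def remote_open_ports(nmap_grepable):
    """Return the set of TCP ports nmap reported as open."""
    return {int(p) for p in re.findall(r"(\d+)/open/tcp/", nmap_grepable)}

def compare_views(netstat_text, nmap_grepable):
    """Cross-check the host's own report against the outside view."""
    local = local_listeners(netstat_text)
    remote = remote_open_ports(nmap_grepable)
    loopback = ("127.0.0.1", "[::1]")
    return {
        # Reachable from outside but absent locally: the local tool may be lying.
        "hidden_from_local_tools": sorted(remote - set(local)),
        # Listed locally, not loopback-only, yet unseen outside: likely filtered.
        "not_reachable_remotely": sorted(
            p for p, a in local.items() if p not in remote and a not in loopback),
    }

if __name__ == "__main__":
    print(compare_views(LOCAL_NETSTAT, REMOTE_NMAP))
```

A port in `hidden_from_local_tools` is the case the entry warns about: something is listening that the host's own tools do not show, so the process behind it should be identified from trusted media rather than with the binaries on the suspect system.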
Haberstetzer, V. Thwarting Hacker Techniques: Signs of a Compromised System. [Online, March 21, 2005.] TechTarget Website. http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1069097,00.html?track=NL-35.