Paul, I don't pretend to be an expert on IDS but at least I *think* of it in terms of unauthorized network access: outside devices and typically unauthorized users "trying to get in."
I would agree with your second sentence. The two overlap. Like everything else in this industry, the terms have somewhat fuzzy meanings. The Wikipedia definition of HIDS includes "It takes a snapshot of existing system files and matches it to the previous snapshot" which I would call File Integrity Monitoring, not HIDS. I guess if you are looking at a *particular* IDS product you need to inventory *its* particular capabilities. In response to your other reply, "what is the increase in CPU?" is kind of "how long is a piece of string?" Customers sometimes ask us "will there be any increase in CPU?" Well, yes, anything you do on a computer uses CPU. We (and all vendors) are very, very conscious of how important CPU time is to customers. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of esst...@juno.com Sent: Sunday, July 16, 2017 5:28 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Need Hep with HIDS and z/OS Charles Mills wrote >"log user actions and tie said actions back to that user via a unique >identifier" >That is not intrusion detection. Intrusion detection is a good thing, >but it is basically looking for outsiders trying to get in. (Loosely >speaking.) Not known users doing good and occasionally bad things. Do I understand this correctly Intrusion detection deals with Outsiders trying to access a system ? Where as Logging user actions and coordinating a users activity using a unique identifier validates in-house or business users activities. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN