Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
QUESTION (a) (i) Describe Phishing attacks. (ii) Distinguish between Phishing and Spear Phishing attacks. (b) Describe two instances where an attacker sniffing on a netwo

CRC can detect the following errors better than check sums. a) Vertical errors b) Burst errors a) VERTICAL ERRORS:  This kind of error happens due to a hardware fai

Question: (a) Explain the following security services: Confidentiality, Availability. (b) Which attack will be used to bypass even the best physical and logical security m

Write down the significance of the syntax conversion . Syntax Conversion is described below: Syntax conversion is a significant function carried out in the presentation layer. I

IPV6 NEXT HEADER It is given in the figure below:

QUESTION (a) FTP is a protocol used for the delivery of files across networks. Explain how FTP works (support your answer with a diagram). (b) How does TCP perform the gi

Systems-Specific Policy (SysSP) SysSPs are codified as standards and procedures which are used when configuring or maintaining systems. Systems specific policies fall into 2 g

Divide the user data into 6 equal sets. Use the first set for the enrollment phase of your system, and the rest for the verification phase. Use the following formula to calculate t


a) Wireless local area network (WLAN) technologies constitute a fast-growing market introducing the flexibility of wireless access into office, home, or production environments. G