Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
WHY USE AN IDS? IDS prevent from problem behaviors by increasing the perceived risk of discovery and punishment. Detect the attacks and other security violations. Detect and at

Question: (a) How can you prevent someone from accessing your computer when you leave your office for some time? (b) What is the difference between a classic login and a w

Symmetric Encryption This encryption method makes use of same “secret key” to encipher and decipher the message and it is termed as private key encryption. This type of encrypti

Question : Environmental Accounting is a means for businesses to fulfill their responsibilities for accountability to stakeholders. (a) What do you understand by Environment

TCP-RELIABLE TRANSPORT SERVICE INTRODUCTION:  TCP is the major transport protocol architecture in the TCP/IP suite. It uses unreliable datagram function offered by IP whe

The project will be involving a design and a report of which explain the simulation and how it functions. The aim of the project is to help the administrators and staff at the war

QUESTION (a) Briefly explain the contents of the Needs Analysis, which is step in the process of network design. (b) Describe on the three ways of improving the performan

TRAP AND TRACE SYSTEMS Trap and Trace Systems use techniques to detect an intrusion and trace it back to its source. Trap comprises of honey pot or padded cell and alarm. The dr

Problem 1: What is the function of AUC in the GSM architecture? Explanation of HLR(AUC) Architecture of GSM Problem 2: Show the layered architecture of t

You are hired as a consultant to help design a digital library in which books are scanned and stored digitally and made available to users of the World Wide Web. Assume that the li