Host-based IDS, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDSs are also called system integrity verifiers because they benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes files. A HIDS is also capable of monitoring system configuration databases. Most HIDSs work on the principle of configuration or change management. The HIDS examines files and logs for predefined events. The advantage of a HIDS over a NIDS is that it can usually be installed so that it can access information that is encrypted when traveling over the network.

Advantages and Disadvantages of HIDSs

Advantages

- Can detect local events on host systems and detect attacks that may elude a network-based IDS
- Functions on the host system, where encrypted traffic will have been decrypted and is available for processing
- Not affected by the use of switched network protocols
- Can detect inconsistencies in how applications and system programs were used by examining records stored in the audit logs

Disadvantages

- Poses more management issues
- Vulnerable both to direct attacks and to attacks against the host operating system
- Does not detect multi-host scanning, nor scanning of non-host network devices
- Susceptible to some denial-of-service attacks
- Can use large amounts of disk space
- Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States






