Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
Write down short notes on the architecture of WWW which is World Wide Web. WWW which means The World Wide web or the web is a repository of information spread worldwide and rel

TRANSMISSION ERRORS:  Transmission exceptions may happen due to different causes for example power surges or interference may delete data during transmission. In result of wh

Question: (a) Explain how the Diffie-Hellman key establishment protocol works. (b) Prove that the Diffie-Hellman key establishment protocol is vulnerable to a `man in the mi

QUESTION (a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certi

PACKET SNIFFERS A packet network protocol analyzer is a network tool which collects copies of packets from network and analyzes them. It can give network administrator with valu

(a) Figure is a representation of a TCP header. For each of the fields lettered from A to G, state the name of the field and provide a brief explanation for the function of each fi

UDP COMMUNICATION SEMANTICS:  UDP needs IP for all delivery, that is, similar best effort delivery as IP. To use UDP, an application have to either be immune to the causes or

Attacker's Motives behind the Cyber Attack Before adapting the necessary measures to deal with the problem, understanding and evaluating the blogger's psyche and his motivation

Digital Certificates Digital Certificates are electronic document having key value and identifying information about entity which controls key. Digital signature which is attach

DATAGRAM REASSEMBLY Recreation of original datagram is known as reassembly. Ultimate receiver acts reassembly as given below.Fragments can reach out of order. Header bit check