Host-based IDS, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDSs are also called system integrity verifiers because they benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes files. A HIDS can also monitor system configuration databases. Most HIDSs work on the principle of configuration or change management. The HIDS examines files and logs for predefined events. An advantage of a HIDS over a NIDS is that it can usually be installed so that it can access information that is encrypted when traveling over the network.
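The benchmark-and-compare idea behind a system integrity verifier, as an added example that is not part of the original page: it records a SHA-256 baseline of a directory and reports files created, modified, or deleted since then. The function names and the sample file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                # Hash the link target string instead of following it out of root.
                data = os.readlink(path).encode()
            else:
                with open(path, "rb") as fh:
                    data = fh.read()
            state[os.path.relpath(path, root)] = hashlib.sha256(data).hexdigest()
    return state


def compare(baseline, current):
    """Return the three change classes a system integrity verifier reports."""
    return {
        "created": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Run two scans over a constructed tree standing in for key system files."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "passwd").write_text("root:x:0:0\n")
        Path(root, "hosts").write_text("127.0.0.1 localhost\n")
        Path(root, "sshd_config").write_text("PermitRootLogin no\n")
        baseline = snapshot(root)  # benchmark taken in a known-good state
        # Constructed changes between the two scans: one of each class.
        Path(root, "sshd_config").write_text("PermitRootLogin yes\n")
        Path(root, "hosts").unlink()
        Path(root, "cron.sh").write_text("#!/bin/sh\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is kept where a process on the monitored host cannot rewrite it, for example on read-only media or a separate system.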

Advantages and Disadvantages of HIDSs

Advantages

- Can detect local events on host systems and detect attacks that may elude a network-based IDS
- Functions on the host system, where encrypted traffic will have been decrypted and is available for processing
- Not affected by use of switched network protocols
- Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs

Disadvantages

- Pose more management issues
- Vulnerable both to direct attacks and to attacks against the host operating system
- Does not detect multi-host scanning, nor scanning of non-host network devices
- Susceptible to some denial-of-service attacks
- Can use large amounts of disk space
- Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States






