Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
SHIFT OPERATION:  This operation replaced all bits to the left one position. For example in the diagram below a 16-bit CRC hardware is given, which needs three Exclusive OR (

Categories of Controls Controlling risk through mitigation, avoidance or transference is accomplished by implementing controls. There are 4 effective approaches to select the co

LOCALITY OF REFERENCE PRINCIPLE:  Principle of "Locality of Reference" use to predict computer interaction patterns. There are two patterns shown as follows: a) Spatial loca

QUESTION (a) What do you understand by a VLAN? Provide one advantage of using a VLAN. (b) What is a trunk port in a VLAN? (c) A VLAN will be created using one or more

(a) Using the extended Euclidean algorithm, find the multiplicative inverse of 504 mod 67. (b) Decrypt the following ciphertext, which has been encrypted using Caesar cipher:

(a) Using Fermat's theorem, find 3 201 mod 11. (b) Explain how the Diffie-Hellman key agreement protocol works and what its purpose and main properties are. Consider a Dif

Digital Signatures Digital Signatures are encrypted messages which can be proven mathematically to be authentic. These are created in response to rising requirement to verify in

SECURING THE COMPONENTS Computer can be subject of an attack or the object of an attack. When subject of an attack, computer is used as lively tool to conduct attack. The figure

Q1 (15 marks, 5 marks each part): This question has three parts: In a short paragraph (200-300 words) explain the fundamentals of Packet Switching and how it works. In a short pa

Question: a) What do you meant by Privacy? b) Name the four privacy violations. c) Often, aggregate information and anonymized information can be combined to identif