Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
Question 1:  Describe the functioning of cloud computing. Question 2: Discuss on "Platform as a Service". Question 3: Discuss the steps involved in effective co

PACKET SNIFFERS A packet network protocol analyzer is a network tool which collects copies of packets from network and analyzes them. It can give network administrator with valu

QUESTION: (a) Below is a capture of an Ethernet II frame which contains an IPv4 packet and a TCP segment. Give the source MAC address for the frame in hexadecimal; the sourc

Enterprise Information Security Policy (EISP) EISP also known as security policy directly supports the mission of the organization and sets the strategic direction, scope, and t

Question: Quality management standards are seen as a major pillar supporting the drive for continuous quality improvement through TQM. (a) What do you meant by the term ‘Qua

Routers They transfer packets among multiple interconnected network machines (i.e. LANs of different kind). They perform in the data link, physical and network layers. They ha

Question: (a) Consider that you enter the given URL in the address bar of a popular web client and that both the client and server accepts HTTP version 1.1. i. What can be t

Problem 1: Discuss how TWO of the following gurus have contributed to the Quality Movement, highlighting the major points of their philosophies: (a) Edward Deming (b) Jose


Q. Explain about Security aware protocols? The security-Aware ad hoc Routing (SAR) protocol based on the security attributes integrated into the ad hoc route discovery provides