Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
Write down the short notes on VTR.  Communication between different types of the equipment and software is made possible by making use of the networks. Full-screen text editor is s

what are the participant of marketing channal?

This assignment aims to enhance students' understanding of the network protocol hierarchy and flow control and error control techniques by implementing a sliding window protocol in

Question: a) There are two basic approaches to dealing with errors in the presence of pipelining. One way is Go-Back-N and the other strategy is Selective Repeat. i. Explain

QUESTION (a) What do you understand by a VLAN? Provide one advantage of using a VLAN. (b) What is a trunk port in a VLAN? (c) A VLAN will be created using one or more

Digital Certificates Digital Certificates are electronic document having key value and identifying information about entity which controls key. Digital signature which is attach

FRAGMENTATION Fragmentation information is kept in different extension header.  Every fragment has base header and fragmentation header. Whole datagram including original hea

IPV6 BASE HEADER FORMAT: It has less information than IPV4 message header. Next header shows to first extension message header. Flow label is partitioned into a TRAFFIC CLASS

QUESTION (a) A convex flow problem is a non linear network flow problem. Explain how a convex flow problem could be transformed into a Minimum Cost Flow problem. (b) Exp

Risk Control Strategies Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk: •Apply safeguards which