Host-based IDS, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDSs are also called system integrity verifiers because they benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes files. A HIDS is also capable of monitoring system configuration databases. Most HIDSs work on the principle of configuration or change management. The HIDS examines files and logs for predefined events. An advantage of a HIDS over a NIDS is that it can usually be installed so that it can access information that is encrypted when traveling over the network.

Advantages and Disadvantages of HIDSs

Advantages

- Can detect local events on host systems and detect attacks that may elude a network-based IDS
- Functions on the host system, where encrypted traffic will have been decrypted and is available for processing
- Not affected by the use of switched network protocols
- Can detect inconsistencies in how applications and system programs were used by examining the records stored in audit logs

Disadvantages

- Pose more management issues
- Vulnerable both to direct attacks and to attacks against the host operating system
- Does not detect multi-host scanning, nor scanning of non-host network devices
- Susceptible to some denial-of-service attacks
- Can use large amounts of disk space
- Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States






