Host-based ids, Computer Network Security

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems

Posted Date: 10/9/2012 3:45:22 AM | Location : United States







Related Discussions:- Host-based ids, Assignment Help, Ask Question on Host-based ids, Get Answer, Expert's Help, Host-based ids Discussions

Write discussion on Host-based ids
Your posts are moderated
Related Questions
how can you enter the ASVAB practice test on line?

QUESTION (a) A convex flow problem is a non linear network flow problem. Explain how a convex flow problem could be transformed into a Minimum Cost Flow problem. (b) Exp

QUESTION a) Below is a capture of an Ethernet II frame which contains an IPv4 packet and a segment. Give the source MAC address in hexadecimal; the source IP address, the uppe

TRANSPORT PROTOCOLS: Give application-to-application communication. Require extended addressing mechanisms to check applications. Are known end-to-end communicatio

Problem (a) The IEEE 802 series of standards describe both the Physical and Data Link layers of their respective technologies. Two important standards are 802.3 and 802.5, respect

QUESTION a) Explain the terms traffic engineering, class-based queuing, shaping and grooming in an MPLS network. b) Using an example topology, illustrate the label swi

Public Key Infrastructure (PKI) It is integrated system of software, encryption methodologies, protocols, legal agreements, and 3rd-party services enabling users to communicate

Risk Control Strategies Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk: •    Apply safeguards wh

The Cost Benefit Analysis (CBA) Formula CBA determines that whether the control alternative being evaluated is worth cost incurred to control vulnerability or not. CBA easily ca

Produce a short report of your experiences in installing and using PGP. The report should be written in the form of a journal that contains at least the following items: A de