Network-based ids (nids), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on computer or appliance connected to segment of an organization’s network and looks for signs of attacks. While examining packets, a NIDS looks for the attack patterns. Installed at specific place in the network where it can watch traffic going into and out of particular network segment. It can detect various types of attacks, but requires much complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns, which are done by using special implementation of TCP/IP stack.In this technique of protocol stack verification, NIDSs look for invalid data packets structure. In the application protocol verification, higher order protocols are examined for the improper use.

Advantages and Disadvantages of NIDSs

Advantages:
-Good network design and placement of NIDS can enable organization to use a few devices to monitor large network
-NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
-NIDSs not susceptible to direct attack and may not be detectable by attackers.

Disadvantages:
-Can become overwhelmed by network volume and fail to recognize attacks
-Require access to all traffic to be monitored
-Cannot analyze encrypted packets
-Cannot reliably ascertain if attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States







Related Discussions:- Network-based ids (nids), Assignment Help, Ask Question on Network-based ids (nids), Get Answer, Expert's Help, Network-based ids (nids) Discussions

Write discussion on Network-based ids (nids)
Your posts are moderated
Related Questions
on LAN,where are IP datagrams transported?

Project Name : Computer Adaptive Test Role : Day to Day interaction with Client. Involved in Requirement Gathering, Estimation.Involved with Stellent design and architectur

Problem: (a) What is a firewall and which are its most important tasks? (b) What is the difference between default deny and default permit? Which advantages and disadvanta

Question requires you to produce a pcap file from a Wireshark capture.  In addition, you must include a screen capture of Wireshark and some specific information regarding the fram

Attacker's Motives behind the Cyber Attack Before adapting the necessary measures to deal with the problem, understanding and evaluating the blogger's psyche and his motivation

Question: a) Give two reasons why the building-block approach is favoured to the traditional network design approach. b) With reference to network monitoring parameters, dis

IDS RESPONSE BEHAVIOR Once IDS detects an anomalous network situation, it has a number of options. IDS responses to external stimulation can be classified as active or passive.

IPV6 NEXT HEADER It is given in the figure below:

Techniques for combating Spam mails Many anti spam products are commercially available in market. But it should also be noted that no  one technique is a complete solution to

Da t a compre s sion and the trans p ort s e rvices,   The main purpose of the transport layer is to provide services which are efficient, reliable and cost-effecti