Network-based ids (nids), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on computer or appliance connected to segment of an organization’s network and looks for signs of attacks. While examining packets, a NIDS looks for the attack patterns. Installed at specific place in the network where it can watch traffic going into and out of particular network segment. It can detect various types of attacks, but requires much complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns, which are done by using special implementation of TCP/IP stack.In this technique of protocol stack verification, NIDSs look for invalid data packets structure. In the application protocol verification, higher order protocols are examined for the improper use.

Advantages and Disadvantages of NIDSs

Advantages:
-Good network design and placement of NIDS can enable organization to use a few devices to monitor large network
-NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
-NIDSs not susceptible to direct attack and may not be detectable by attackers.

Disadvantages:
-Can become overwhelmed by network volume and fail to recognize attacks
-Require access to all traffic to be monitored
-Cannot analyze encrypted packets
-Cannot reliably ascertain if attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States







Related Discussions:- Network-based ids (nids), Assignment Help, Ask Question on Network-based ids (nids), Get Answer, Expert's Help, Network-based ids (nids) Discussions

Write discussion on Network-based ids (nids)
Your posts are moderated
Related Questions
Problem 1: a) One of the limitations of file processing systems is data inconsistency. Briefly explain with the help of an example what do you understand by this phrase. b)

ERROR REPORTING MECHANISM (ICMP) INTRODUCTION:  IP gives best-effort delivery. Delivery causes can be ignored; datagrams may be 'dropped on the ground'. Internet Control Me

Problem: (a) What is the minimum length of a password that could be considered to be "strong" in the context of today's computing power? (b) The security of a PIN system,

Improving domain blacklisting: Current domain blacklisting techniques are not very effective as spammers keep replacing blacklisted domains with newly registered domains. Also

QUESTION (a) Hashing and salting is commonly used as password storage techniques for most applications. Describe how hashing and salting enable secure storage of password (b

Question : (a) What is an IDS and what is the basic problem it faces which can be solved by Artificial Intelligence. (b) Identify and describe briefly an Artificial Intell


what is relation ship between computer security goals?

RING topology all computers are connected in loop. A ring topology is a network topology in which every node connects to exactly two other devices, forming a single continuous pa

how can you enter the ASVAB practice test on line?