Network-Based IDS (NIDS), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on a computer or appliance connected to a segment of an organization's network and looks for signs of attacks. While examining packets, a NIDS looks for attack patterns. It is installed at a specific place in the network where it can watch traffic going into and out of a particular network segment. It can detect various types of attacks, but requires a complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns. This is done using a special implementation of the TCP/IP stack. In protocol stack verification, NIDSs look for invalid data packet structure. In application protocol verification, higher-order protocols are examined for improper use.
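
The protocol stack verification described above, as an added example that is not part of the original page: a Python check that parses a raw IPv4 packet carrying TCP and reports structural anomalies. The function names, the particular checks chosen and the sample packet builder (which uses documentation addresses) are assumptions made for illustration.

```python
import struct

def ip_checksum(header):
    """RFC 1071 one's-complement sum over the IPv4 header bytes."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def verify_stack(pkt):
    """Return a list of structural anomalies in an IPv4 packet carrying TCP."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, frag, _, proto, _ = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4
    issues = []
    if ver_ihl >> 4 != 4:
        issues.append("IP version is not 4")
    if ihl < 20 or ihl > len(pkt):
        return issues + ["invalid IP header length"]
    if total_len != len(pkt):
        issues.append("total length does not match captured bytes")
    if ip_checksum(pkt[:ihl]) != 0:  # a valid header sums to zero
        issues.append("bad IP header checksum")
    if frag & 0x4000 and frag & 0x3FFF:  # DF set together with MF or an offset
        issues.append("fragment despite Don't Fragment flag")
    if proto == 6 and not frag & 0x1FFF:  # TCP header is only in the first fragment
        if len(pkt) < ihl + 20:
            issues.append("truncated TCP header")
        else:
            flags = pkt[ihl + 13] & 0x3F
            if flags & 0x03 == 0x03:
                issues.append("TCP SYN and FIN both set")
            if flags == 0:
                issues.append("TCP segment with no flags")
    return issues

def build(flags, frag=0):
    """Constructed sample: 40-byte IPv4+TCP packet (TCP checksum left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, frag, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return head[:10] + struct.pack("!H", ip_checksum(head)) + head[12:] + tcp
```

A well-formed SYN or ACK packet returns an empty list; each anomaly adds one entry, so a sensor could alert on any non-empty result.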

Advantages and Disadvantages of NIDSs

Advantages:
- Good network design and placement of NIDS can enable an organization to use a few devices to monitor a large network
- NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
- NIDSs are not susceptible to direct attack and may not be detectable by attackers

Disadvantages:
- Can become overwhelmed by network volume and fail to recognize attacks
- Require access to all traffic to be monitored
- Cannot analyze encrypted packets
- Cannot reliably ascertain whether an attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States






