Network-Based IDS (NIDS), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on a computer or appliance connected to a segment of an organization's network and looks for signs of attacks. While examining packets, a NIDS looks for attack patterns. It is installed at a specific place in the network where it can watch traffic going into and out of a particular network segment. It can detect various types of attacks, but requires a complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns. This is done using a special implementation of the TCP/IP stack. In protocol stack verification, the NIDS looks for invalid data packet structures. In application protocol verification, higher-order protocols are examined for improper use.
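As an added illustration of protocol stack verification (not code from the original page), the sketch below checks raw IPv4/TCP headers for structurally invalid fields. The function names, the chosen set of checks and the sample packets are assumptions constructed for this example.

```python
import struct

def build_packet(ihl=5, total_len=None, flags=0x02, data_off=5, payload=b""):
    """Constructed sample IPv4+TCP packet (checksums left as 0, not verified)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_off << 4, flags,
                      8192, 0, 0) + payload
    length = 20 + len(tcp) if total_len is None else total_len
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, length, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp

def verify_stack(pkt):
    """Return the protocol-stack violations found in one raw IPv4 packet."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, frag, _, proto, _ = struct.unpack("!BBHHHBBH", pkt[:12])
    if ver_ihl >> 4 != 4:
        return ["IP version is not 4"]
    findings = []
    ihl = ver_ihl & 0x0F
    if ihl < 5:
        findings.append("IHL below minimum of 5 words")
        return findings  # header boundary is unknown, stop here
    if total_len != len(pkt):
        findings.append("IP total length does not match captured length")
    if proto != 6 or frag & 0x1FFF:
        return findings  # not TCP, or a later fragment with no TCP header
    tcp = pkt[ihl * 4:]
    if len(tcp) < 20:
        findings.append("truncated TCP header")
        return findings
    data_off, flags = tcp[12] >> 4, tcp[13] & 0x3F
    if data_off < 5 or data_off * 4 > len(tcp):
        findings.append("TCP data offset invalid")
    if flags & 0x02 and flags & 0x01:
        findings.append("SYN and FIN both set")
    if flags & 0x02 and flags & 0x04:
        findings.append("SYN and RST both set")
    if flags == 0:
        findings.append("no TCP flags set")
    return findings

if __name__ == "__main__":
    samples = {"well-formed SYN": build_packet(),
               "SYN+FIN": build_packet(flags=0x03),
               "bad total length": build_packet(total_len=9999),
               "short data offset": build_packet(data_off=2)}
    for name, pkt in samples.items():
        print(f"{name}: {verify_stack(pkt) or 'ok'}")
```

Later fragments are skipped because they carry no TCP header, which is the gap behind the fragmented-packet disadvantage listed below: the transport-layer checks only apply after reassembly.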

Advantages and Disadvantages of NIDSs

Advantages:
- Good network design and placement of NIDSs can enable an organization to use a few devices to monitor a large network
- NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
- NIDSs are not susceptible to direct attack and may not be detectable by attackers

Disadvantages:
- Can become overwhelmed by network volume and fail to recognize attacks
- Require access to all traffic to be monitored
- Cannot analyze encrypted packets
- Cannot reliably ascertain whether an attack was successful
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States






