Network-Based IDS (NIDS), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on a computer or appliance connected to a segment of an organization's network and looks for signs of attacks. While examining packets, a NIDS looks for attack patterns. It is installed at a specific place in the network where it can watch traffic going into and out of a particular network segment. It can detect various types of attacks, but requires a much more complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns, which is done using a special implementation of the TCP/IP stack. In protocol stack verification, NIDSs look for invalid data packet structure. In application protocol verification, higher-order protocols are examined for improper use.
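The following Python example is added here to illustrate protocol stack verification and is not code from the original page. It parses a raw IPv4/TCP packet and reports invalid packet structure; the function names, the particular checks chosen and the sample packet builder are assumptions made for the example.

```python
import struct

FIN, SYN, RST = 0x01, 0x02, 0x04  # TCP flag bits

def ones_sum(data: bytes) -> int:
    """16-bit ones' complement sum, as used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def verify_ipv4_tcp(pkt: bytes) -> list:
    """Return the structural anomalies found in one raw IPv4 packet."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(pkt):
        return ["invalid IP version or header length"]
    found = []
    if total_len != len(pkt):
        found.append("IP total length does not match captured size")
    if ones_sum(pkt[:ihl]) != 0xFFFF:
        found.append("bad IP header checksum")
    if flags_frag & 0x3FFF:  # MF flag set or non-zero fragment offset
        found.append("fragment: needs reassembly before inspection")
        return found
    if proto != 6:  # only TCP is checked further in this example
        return found
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return found + ["truncated TCP header"]
    off_flags = struct.unpack("!H", tcp[12:14])[0]
    flags = off_flags & 0x3F
    if not 20 <= (off_flags >> 12) * 4 <= len(tcp):
        found.append("invalid TCP data offset")
    if flags == 0:
        found.append("TCP segment with no flags set")
    if flags & SYN and flags & (FIN | RST):
        found.append("SYN combined with FIN or RST")
    return found

def build_packet(tcp_flags: int, frag: int = 0, doff: int = 5) -> bytes:
    """Constructed sample packet (documentation addresses, TCP checksum left 0)."""
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (doff << 12) | tcp_flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, frag, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip[:10] + struct.pack("!H", 0xFFFF - ones_sum(ip)) + ip[12:] + tcp
```

A fragment is reported rather than inspected because its TCP header may sit in a different fragment, which is the fragmented-packet limitation listed among the disadvantages.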

Advantages and Disadvantages of NIDSs

Advantages:
- Good network design and placement of NIDSs can enable an organization to use a few devices to monitor a large network
- NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
- NIDSs are not susceptible to direct attack and may not be detectable by attackers

Disadvantages:
- Can become overwhelmed by network volume and fail to recognize attacks
- Require access to all traffic to be monitored
- Cannot analyze encrypted packets
- Cannot reliably ascertain if an attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States






