Network-based ids (nids), Computer Network Security

Assignment Help:

Network-Based IDS (NIDS)

A NIDS resides on computer or appliance connected to segment of an organization’s network and looks for signs of attacks. While examining packets, a NIDS looks for the attack patterns. Installed at specific place in the network where it can watch traffic going into and out of particular network segment. It can detect various types of attacks, but requires much complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns, which are done by using special implementation of TCP/IP stack.In this technique of protocol stack verification, NIDSs look for invalid data packets structure. In the application protocol verification, higher order protocols are examined for the improper use.

Advantages and Disadvantages of NIDSs

Advantages:
-Good network design and placement of NIDS can enable organization to use a few devices to monitor large network
-NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
-NIDSs not susceptible to direct attack and may not be detectable by attackers.

Disadvantages:
-Can become overwhelmed by network volume and fail to recognize attacks
-Require access to all traffic to be monitored
-Cannot analyze encrypted packets
-Cannot reliably ascertain if attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets


Related Discussions:- Network-based ids (nids)

Topology, What is the concept of topology?

What is the concept of topology?

Ip Datagram, Size of Option field of an ip datagram is 20 bytes. What is th...

Size of Option field of an ip datagram is 20 bytes. What is the value of HLEN? What is the value in binary?

Sequential label and supply, What questions should Iris ask Charlie about t...

What questions should Iris ask Charlie about the new job, about Kelvin''s team, and about the future of the company?

Firewall architectures-screened subnet architecture, Screened Subnet Archit...

Screened Subnet Architecture This setup provides an extra security layer to screened host architecture by creating a perimeter subnet which further isolates internal network f

Location to e-mail messages are saved, In the e-mail system, where the e-ma...

In the e-mail system, where the e-mail messages are saved and why? E-mail messages are saved in user’s private electronic mailbox. A mailbox refers to a local/domestic hard drive c

Technology, how can you enter the ASVAB practice test on line?

how can you enter the ASVAB practice test on line?

Audit or review of the information security issues, Using the selected appr...

Using the selected approach, you should then conduct an audit or review of the information security issues associated with the use of computing facility and report on the findings.

How will network datagrams be protected at network layer, (a) Consider the...

(a) Consider the subsequent authentication options: A. Using password. B. Using pin and fingerprint Which option A or B provides stronger security and why? (b) Give

Imap and pop functions, How does the POP functions? What are the advantages...

How does the POP functions? What are the advantages/benefits of IMAP over POP? POP stands for Post Office Protocol, version 3 (POP3) is one of the easiest message access protoc

Locality of reference , LOCALITY OF REFERENCE PRINCIPLE:  Principle of...

LOCALITY OF REFERENCE PRINCIPLE:  Principle of "Locality of Reference" use to predict computer interaction patterns. There are two patterns shown as follows: a) Spatial loca

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd