Network-Based IDS (NIDS), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on a computer or appliance connected to a segment of an organization’s network and looks for signs of attacks. While examining packets, a NIDS looks for attack patterns. It is installed at a specific place in the network where it can watch traffic going into and out of a particular network segment. It can detect various types of attacks, but it requires a much more complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns, which is done by using a special implementation of the TCP/IP stack. In protocol stack verification, NIDSs look for invalid data packet structure. In application protocol verification, higher-order protocols are examined for improper use.

Advantages and Disadvantages of NIDSs

Advantages:
- Good network design and placement of NIDSs can enable an organization to use a few devices to monitor a large network
- NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
- NIDSs are not susceptible to direct attack and may not be detectable by attackers

Disadvantages:
- Can become overwhelmed by network volume and fail to recognize attacks
- Require access to all traffic to be monitored
- Cannot analyze encrypted packets
- Cannot reliably ascertain if attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets
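
The following sketch is an added example, not code from the original page. It shows protocol stack verification (invalid IPv4 header structure) followed by signature matching on one packet at a time, and why a pattern split across fragments is missed without reassembly. The signature, payload, addresses and function names are constructed for illustration.

```python
import struct

# Constructed placeholder signature; a real NIDS loads these from its rule set.
SIGNATURES = {"SIG-0001": b"TEST-ATTACK-PATTERN"}
# Constructed sample payload (not captured traffic).
PAYLOAD = b"GET /?q=TEST-ATTACK-PATTERN HTTP/1.1\r\n"

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the 16-bit words of a header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(payload: bytes, more_fragments=False, frag_offset=0) -> bytes:
    """Build a constructed IPv4 packet; frag_offset is in bytes (multiple of 8)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                      64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def inspect(packet: bytes) -> list[str]:
    """Return alerts: protocol stack verification first, then signature matching."""
    alerts = []
    if len(packet) < 20:
        return ["INVALID: shorter than minimum IPv4 header"]
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    flags_frag, = struct.unpack("!H", packet[6:8])
    if version != 4:
        alerts.append("INVALID: version field is not 4")
    if ihl < 20 or ihl > len(packet):
        return alerts + ["INVALID: bad header length"]
    if total_len != len(packet):
        alerts.append("INVALID: total length does not match packet size")
    if checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        alerts.append("INVALID: header checksum mismatch")
    if flags_frag & 0x2000 or flags_frag & 0x1FFF:  # MF flag or non-zero offset
        alerts.append("FRAGMENT: payload is partial, reassemble before matching")
    payload = packet[ihl:]
    alerts += [f"SIGNATURE: {sid}" for sid, pat in SIGNATURES.items() if pat in payload]
    return alerts

if __name__ == "__main__":
    for pkt in (build_ipv4(PAYLOAD), build_ipv4(PAYLOAD[:16], more_fragments=True),
                build_ipv4(PAYLOAD[16:], frag_offset=16)):
        print(inspect(pkt))
```

The unfragmented packet raises the signature alert, while each of the two fragments raises only the fragment alert, which is the point at which a sensor has to reassemble before matching.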

Posted Date: 10/9/2012 3:44:08 AM | Location : United States






