Network-based ids (nids), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on computer or appliance connected to segment of an organization’s network and looks for signs of attacks. While examining packets, a NIDS looks for the attack patterns. Installed at specific place in the network where it can watch traffic going into and out of particular network segment. It can detect various types of attacks, but requires much complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns, which are done by using special implementation of TCP/IP stack.In this technique of protocol stack verification, NIDSs look for invalid data packets structure. In the application protocol verification, higher order protocols are examined for the improper use.

Advantages and Disadvantages of NIDSs

Advantages:
-Good network design and placement of NIDS can enable organization to use a few devices to monitor large network
-NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
-NIDSs not susceptible to direct attack and may not be detectable by attackers.

Disadvantages:
-Can become overwhelmed by network volume and fail to recognize attacks
-Require access to all traffic to be monitored
-Cannot analyze encrypted packets
-Cannot reliably ascertain if attack was successful or not
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States







Related Discussions:- Network-based ids (nids), Assignment Help, Ask Question on Network-based ids (nids), Get Answer, Expert's Help, Network-based ids (nids) Discussions

Write discussion on Network-based ids (nids)
Your posts are moderated
Related Questions
CRC can detect the following errors better than check sums. a) Vertical errors b) Burst errors a) VERTICAL ERRORS:  This kind of error happens due to a hardware fai

The Role of the Investigation The first phase, investigation is the most significant. What problem is the system being developed to solve? During investigation phase, objectives

SUCCESS OF IP:  IP has accommodated dramatic modification since real design. But basic rules are still appropriate today. There are many new kinds of hardware. SCALING:

project on ensuring data securities on cloud computing

a) Explain the contents of the Cost Assessment. b) Various Documents are needed for Configuration Management. State three of them, and describe their importance. c) Given tha

QUESTION (a) Illustrate the term file carving. (b) What are the basic three main techniques for image steganography? (c) Distinguish between vector graphics and raster

You are free to design the format and structure of the routing table kept locally by each node and exchanged among neighboring nodes. 1. Upon the activation of the program, each

Question : (a) What do you meant by the term "Bastion Host"? What is its use? (b) "Hostile" Java applets will do undesirable actions. Mention two problems caused by Hosti

CYCLIC REDUNDANCY CHECK (CRC) To activate a network system to check move error without increasing the amount of information in every packet another most successful method is m

Da t a compre s sion and the trans p ort s e rvices,   The main purpose of the transport layer is to provide services which are efficient, reliable and cost-effecti