Network-Based IDS (NIDS), Computer Network Security

Network-Based IDS (NIDS)

A NIDS resides on a computer or appliance connected to a segment of an organization’s network and looks for signs of attacks. While examining packets, a NIDS looks for attack patterns. It is installed at a specific place in the network where it can watch traffic going into and out of a particular network segment. It can detect various types of attacks, but requires a complex configuration and maintenance program.

NIDS Signature Matching


To detect an attack, NIDSs look for attack patterns. This is done by using a special implementation of the TCP/IP stack. In protocol stack verification, NIDSs look for invalid data packet structure. In application protocol verification, higher-order protocols are examined for improper use.
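An illustration of the protocol stack verification described above, added here and not part of the original page: a minimal Python checker that flags invalid IPv4/TCP header structure. The function names, the particular checks chosen, and the sample packets (constructed, using documentation addresses) are assumptions for the example.

```python
import struct

FIN, SYN, RST = 0x01, 0x02, 0x04

def build_packet(ihl=5, total_len=None, frag=0, flags=SYN, data_off=5):
    """Constructed sample IPv4+TCP packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_off << 4, flags, 8192, 0, 0)
    if total_len is None:
        total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 1, frag, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp

def verify_stack(pkt):
    """Return the structural findings for one IPv4 packet carrying TCP."""
    if len(pkt) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _, total_len, _, frag, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    findings = []
    if (ver_ihl >> 4) != 4:
        findings.append("IP version is not 4")
    hdr_len = (ver_ihl & 0x0F) * 4
    if hdr_len < 20:
        return findings + ["IP header length below 20 bytes"]
    if total_len < hdr_len or total_len > len(pkt):
        findings.append("IP total length inconsistent with packet size")
    if frag & 0x1FFF:
        # Non-first fragment: the TCP header is not in this packet, so it
        # cannot be checked without reassembly.
        return findings + ["non-first fragment, transport header not verifiable"]
    if proto != 6:  # only TCP is examined in this example
        return findings
    tcp = pkt[hdr_len:]
    if len(tcp) < 20:
        return findings + ["truncated TCP header"]
    data_off, flags = tcp[12] >> 4, tcp[13]
    if data_off < 5:
        findings.append("TCP data offset below 5 words")
    if (flags & SYN) and (flags & FIN):
        findings.append("SYN and FIN set together")
    if (flags & SYN) and (flags & RST):
        findings.append("SYN and RST set together")
    if (flags & 0x3F) == 0:
        findings.append("no TCP flags set")
    return findings
```

The early return on non-first fragments shows why fragmented traffic is hard for a NIDS: without reassembly, the transport header is simply not there to verify.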

Advantages and Disadvantages of NIDSs

Advantages:
- Good network design and placement of NIDSs can enable an organization to use a few devices to monitor a large network
- NIDSs are usually passive and can be deployed into existing networks with little disruption to normal network operations
- NIDSs are not susceptible to direct attack and may not be detectable by attackers

Disadvantages:
- Can become overwhelmed by network volume and fail to recognize attacks
- Require access to all traffic to be monitored
- Cannot analyze encrypted packets
- Cannot reliably ascertain whether an attack was successful
- Some forms of attack are not easily discerned by NIDSs, specifically those involving fragmented packets

Posted Date: 10/9/2012 3:44:08 AM | Location : United States






