Review this article with 2 APA format references.
Intrusion Detection System Comparison

NIDS and HIDS Basic Concepts

A network-based Intrusion Detection System (NIDS) is placed behind a firewall within a LAN to observe and report on suspicious network activity.
NIDSs can only monitor inbound and outbound traffic on the LAN, and do not attempt to stop any activity, only recording suspicious behavior (Paloalto Networks, 2018). NIDSs are connected to the network via a network interface such as an Ethernet adapter so that they can observe network packets traversing the entire network (Paloalto Networks, 2018).
A host-based Intrusion Detection System (HIDS) is normally software based and is loaded onto a workstation or server (Ghorbani, Lu, & Tavallaee, 2010, p. 55). HIDSs only monitor traffic entering and exiting a single workstation or server (Ghorbani, Lu, & Tavallaee, 2010, p. 55). Moreover, a HIDS examines host-specific operations such as what applications are running and what types of files are being used, and looks at information in the kernel logs.
Both NIDSs and HIDSs incorporate rules that can be adjusted to fit the organization's needs. Selecting a broad range of rules provides the most coverage concerning possible malicious activity. However, each installation is different so adjusting the rule sets is a common practice called "tuning." An IDS, host or network-based, only reports suspicious activity and cannot block traffic (Paloalto Networks, 2018).
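As an added illustration of the two points made above (tunable rules and report-only behavior), the following sketch is not from the essay or any of its cited sources. It is a constructed, minimal rule-based detector: rules are plain predicates, "tuning" suppresses a rule for sources the site knows to be legitimate, and in IDS mode a match is only recorded for the administrator, whereas IPS mode would return a block decision. All hostnames, addresses and process names are invented sample data.

```python
"""Rule-based IDS sketch for the NIDS/HIDS concepts discussed above.
Constructed example: rules, records and hostnames are invented for illustration."""
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]   # True when the record looks suspicious

@dataclass
class Detector:
    rules: list
    id_field: str                   # "src" for network flows, "host" for host events
    mode: str = "ids"               # "ids" reports only; "ips" would also block
    tuning: set = field(default_factory=set)  # (rule name, id) pairs deemed legitimate
    alerts: list = field(default_factory=list)

    def inspect(self, record: dict) -> str:
        """Classify one record as 'pass', 'alert' (IDS) or 'block' (IPS)."""
        for rule in self.rules:
            if (rule.name, record.get(self.id_field)) in self.tuning:
                continue            # tuned out: known-legitimate for this site
            if rule.match(record):
                self.alerts.append((rule.name, record))   # report for the admin
                return "block" if self.mode == "ips" else "alert"
        return "pass"

# Network-side rule: cleartext remote administration (telnet, TCP/23) on the LAN.
NIDS_RULES = [Rule("cleartext-admin", lambda r: r.get("dst_port") == 23)]
# Host-side rule: a process outside this server's expected baseline.
BASELINE = {"sshd", "nginx", "cron"}
HIDS_RULES = [Rule("unexpected-process", lambda r: r.get("process") not in BASELINE)]

# Constructed sample input (not captured traffic).
FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.20", "dst_port": 443},
    {"src": "10.0.0.7", "dst": "10.0.0.20", "dst_port": 23},    # legacy device, tuned out
    {"src": "10.0.0.9", "dst": "10.0.0.20", "dst_port": 23},    # unexpected: alert
]
HOST_EVENTS = [
    {"host": "web01", "process": "nginx"},
    {"host": "web01", "process": "nc"},
]

def run(detector: Detector, records: list) -> list:
    return [detector.inspect(r) for r in records]

if __name__ == "__main__":
    nids = Detector(NIDS_RULES, "src", tuning={("cleartext-admin", "10.0.0.7")})
    print(run(nids, FLOWS))                         # ['pass', 'pass', 'alert']
    hids = Detector(HIDS_RULES, "host", mode="ips")
    print(run(hids, HOST_EVENTS))                   # ['pass', 'block']
```

Note that in IDS mode the tuned-out telnet flow and the alerted flow both still traverse the network; the detector only leaves a record for the administrator to act on.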
It is up to a security administrator to determine what is not legitimate traffic with the aid of the generated reports. If an IDS acted like its Intrusion Prevention System (IPS) counterpart, any traffic marked as being malicious could be automatically blocked (Paloalto Networks, 2018). Due to the passive nature of an IDS, this can be an issue because a potentially malicious threat will not be addressed until the security administrator analyzes the data from the IDS and intervenes.

Pros and Cons of HIDS and NIDS

An advantage of NIDSs is centralized reporting on the network that an administrator can use to get a quick look at possible threats (Ghorbani, Lu, & Tavallaee, 2010, p. 55).
A HIDS will record information from one host and usually does not have centralized reporting. In a HIDS environment, each node must be protected separately. Data collection is somewhat problematic because each host requires configuration in order to report to a centralized control panel, if such options even exist. HIDSs used by very small businesses may not have centralized reporting as an option. One disadvantage of NIDSs is ensuring that the hardware appliance selected is capable of processing the volume of network traffic.
If the right hardware is not selected, packets will be dropped and never appear in the reports. NIDSs can send alerts to the security administrator that unusual traffic is being seen within the network as a whole. HIDSs will not send an alert until after the threat is present on the host (Saxena, n.d.).
The Book of Psalms states, "Give justice to the weak and the fatherless; maintain the right of the afflicted and the destitute. Rescue the weak and the needy; deliver them from the hand of the wicked" (Psalms 82:3-4 English Standard Version). These two verses remind each of us to defend those that may not be aware of the threats that exist in a platform that is globally connected. As security professionals, we must do our best to analyze possible threats and ensure that we protect the information critical to individuals and organizations alike.
The Book of Proverbs makes a similar calling to each of us, "Open your mouth for the mute, for the rights of all who are destitute. Open your mouth, judge righteously, defend the rights of the poor and needy" (Proverbs 31:8-9 English Standard Version).

References

Ghorbani, A. A., Lu, W., & Tavallaee, M. (2010). Network intrusion detection and prevention: Concepts and techniques.
Paloalto Networks. (2018). What is an intrusion detection system.
Saxena, V. (n.d.). Description of the difference between HIDs & NIDs.