Host-based ids, Computer Network Security

Assignment Help:

Host-Based IDS

A host-based IDS (HIDS) resides on a particular computer or server and monitors activity only on that system. HIDS also called as system integrity verifiers as they benchmark and monitor the status of key system files and detect when intruder creates, modifies, or deletes files. It is efficient enough to monitor system configuration databases. Most of the HIDSs work on principle of configuration or change in management. The HIDS examines the files and logs for predefined events. The advantage of HIDS over NIDS is which it can be installed usually so that it can access information encrypted when traveling over network.

Advantages and Disadvantages of HIDSs

Advantages

-Can detect local events on host systems and detect attacks that may elude a network based IDS
- Functions on host system, where encrypted traffic will have been decrypted and is available for processing.
-Not affected by use of switched network protocols
-Can detect inconsistencies in how applications and systems programs were used by examining records stored in the audit logs.

Disadvantages

-Pose more management issues
-Vulnerable both to direct attacks and attacks against host operating system
-Does not detect multi host scanning, nor scanning of non-host network devices
-Susceptible to some denial of service attacks
-Can use large amounts of disk space
-Can inflict a performance overhead on its host systems


Related Discussions:- Host-based ids

Locality of reference , LOCALITY OF REFERENCE PRINCIPLE:  Principle of...

LOCALITY OF REFERENCE PRINCIPLE:  Principle of "Locality of Reference" use to predict computer interaction patterns. There are two patterns shown as follows: a) Spatial loca

Digital certificates-cryptography, Digital Certificates Digital Certific...

Digital Certificates Digital Certificates are electronic document having key value and identifying information about entity which controls key. Digital signature which is attach

How will network datagrams be protected at network layer, (a) Consider the...

(a) Consider the subsequent authentication options: A. Using password. B. Using pin and fingerprint Which option A or B provides stronger security and why? (b) Give

Question, Describe the process a proposed standard goes through to become a...

Describe the process a proposed standard goes through to become an RFC

Estimate the average throughput, Question (a) Estimate the average thr...

Question (a) Estimate the average throughput between two hosts given that the RTT for a 100 bytes ICMP request-reply is 1 millisecond and that for a 1500 bytes is 2 millisecon

Provide the network configuration, QUESTION: a) Below is a capture of a...

QUESTION: a) Below is a capture of an Ethernet II frame which has an IPv4 packet and a segment. Provide the source MAC address in hexadecimal; the source IP address, the length

Documenting the results of risk assessment, Documenting the Results of Risk...

Documenting the Results of Risk Assessment The goal of this process is to recognize the information assets, list them, and rank according to those most required protection. The

Information security policy practices and standards, INFORMATION SECURITY P...

INFORMATION SECURITY POLICY PRACTICES AND STANDARDS Management from all the communities of interest should consider policies as basis for all information security efforts. Polic

Direct indexing, DIRECT INDEXING It is less usually known method. It i...

DIRECT INDEXING It is less usually known method. It is possible only is cases where protocols address are given from a compact range. In the diagram below an example of direct

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd