Intrusion Detection System(IDS)
1 Answer

Intrusion Detection Systems:

  • Intrusion detection is the process of monitoring the events occurring in a computer system or network. Signs of violations of computer security policies, acceptable use policies, or standard security practices are analyzed.

  • Intrusion prevention is the process of detecting the signs of intrusion and attempting to stop the intrusive efforts; collectively the system is known as an intrusion detection and prevention system (IDPS). IDPSs have become a necessary addition to the security infrastructure of nearly every organisation.

Types of ID's:-

  • Masquerader

  • Misfeasor

  • Clandestine Users

1] Masquerader:-

A masquerader is an outsider to the trusted users & is not authorized to use the computer system. These intruders penetrate the system protection by way of legitimate user accounts.

2] Misfeasor:-

A misfeasor is an internal/insider & legitimate user who accesses resources that they are not authorized to use, or who may be authorized but misuses their privileges.

3] Clandestine Users:-

They are both insiders & outsiders; these types of intruders gain supervisory access to the system.

Types of IDS Technologies:- (IDS is software that automates the ID process)

1. Network-based:- These monitor the network traffic for a segment of the network. They also analyze network & application protocol activity to identify suspicious activity.

Characteristics:

NIDS examine raw packets in the network passively and trigger alerts.

-Advantages

  • Easy deployment

  • Unobtrusive

  • Difficult to evade if done at a low level of network operation

-Disadvantages

  • Fail open

  • Different hosts process packets differently

  • NIDS needs to recreate the traffic as seen at the end host

  • Need to have the complete network topology and complete host behavior

2. Host-based:- These IDS monitor the host & the events that occur within the host.

Characteristics:

  • Runs on a single host

  • Can analyze audit trails, logs, integrity of files and directories, etc.

-Advantages

  • More accurate than NIDS

  • Less volume of traffic, so less overhead

-Disadvantages

  • Deployment is expensive

  • What happens when the host gets compromised?
