0
4.1kviews
Intrusion Detection Systems
1 Answer
0
56views

Intrusion Detection Systems (IDS):

This is the network security component which can be network based or host based.

Network based IDS

These system resides on a network segment and monitor the inbound and outbound traffic on that segment using network interface card (NIC).

enter image description here

  • In a switched environment,IDS must use port spanning to monitor multiple segments.
  • This examines packet for evidence of hostile or suspicious activity.
  • If the IDS determines an attack in progress either it sends an alert or an action such as modifying the firewall rule set is performed to deny access from the offending address.

- Advantages

Easy deployment

Unobtrusive

Difficult to evade if done at low level of network operation

- Disadvantages

Fail Open

Different hosts process packets differently

NIDS needs to create traffic seen at the end host

Need to have the complete network topology and complete host behavior

Host based IDS

Host based IDS is shown below,

enter image description here

  • It is the software that resides on a device (server) and keeps track of the unauthorized intrusion attempts and suspicious processes of that server,using log files or other auditing tools that resides on the server.So the authentication server itself is the IDS in the host based systems.

  • Network based IDs can be susceptible to flooding while host based IDS will not detect attacks on other devices.Signature must be updated on a regular basis for the systems to detect newer attacks.

  • An IDS on the internal networks will also help in detecting internal threats to systems.

- Advantages

More accurate than NIDS

Less volume of traffic so less overhead

- Disadvantages

Deployment is expensive

Please log in to add an answer.