Intrusion Detection Systems (IDS):
An IDS is a network security component that can be network based or host based.
Network based IDS
These systems reside on a network segment and monitor the inbound and outbound traffic on that segment using a network interface card (NIC).
- In a switched environment, the IDS must use port spanning to monitor multiple segments.
- It examines packets for evidence of hostile or suspicious activity.
- If the IDS determines that an attack is in progress, it either sends an alert or takes an action, such as modifying the firewall rule set to deny access from the offending address.
- Advantages
  - Easy deployment
  - Unobtrusive
  - Difficult to evade if done at a low level of network operation
- Disadvantages
  - Fail open
  - Different hosts process packets differently
  - NIDS needs to recreate the traffic as seen at the end host
  - Needs the complete network topology and complete host behavior
Host based IDS
Host based IDS is shown below,
It is software that resides on a device (server) and keeps track of unauthorized intrusion attempts and suspicious processes on that server, using log files or other auditing tools that reside on the server. So the authentication server itself is the IDS in host based systems.
Network based IDS can be susceptible to flooding, while host based IDS will not detect attacks on other devices. Signatures must be updated on a regular basis for the systems to detect newer attacks.
An IDS on the internal networks will also help in detecting internal threats to systems.
- Advantages
  - More accurate than NIDS
  - Less volume of traffic so less overhead
- Disadvantages
  - Deployment is expensive
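
The host based approach described above (reading the server's own log files for unauthorized attempts, then either alerting or denying the offending address) can be sketched as follows. This is an added example, not part of the original answer; the log lines, the threshold and window values, and the names `detect` and `respond` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an sshd-style format (documentation-range addresses).
SAMPLE_LOG = """\
2024-05-01T10:00:01 srv1 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:05 srv1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:09 srv1 sshd[813]: Accepted password for alice from 198.51.100.20 port 40100 ssh2
2024-05-01T10:00:12 srv1 sshd[814]: Failed password for root from 203.0.113.7 port 50130 ssh2
2024-05-01T10:00:20 srv1 sshd[815]: Failed password for bob from 198.51.100.20 port 40102 ssh2
2024-05-01T10:03:40 srv1 sshd[816]: Failed password for bob from 198.51.100.20 port 40110 ssh2
2024-05-01T10:03:45 srv1 sshd[817]: Failed password for bob from 198.51.100.20 port 40111 ssh2
"""

# The "signature": a failed login line, with timestamp and source address captured.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def detect(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return one alert per source with >= threshold failures inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the sliding window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = {"ip": m["ip"], "first_seen": q[0], "count": len(q)}
    return list(alerts.values())

def respond(alert, allowlist=frozenset()):
    """Pick the response: alert only for allowlisted sources, otherwise deny."""
    # An allowlist keeps an automatic deny from locking out management hosts.
    action = "alert" if alert["ip"] in allowlist else "deny"
    return (action, alert["ip"])   # hypothetical hand-off to a pager or firewall

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(respond(a), a["count"], "failures since", a["first_seen"])
```

Only events in this server's own log are visible to the detector, which is the host based limitation noted above: attacks on other devices are not seen.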