Thursday, February 27, 2020

Types of IDS

Now that you have seen how an IDS / IPS works, it is worth knowing the main types and how they differ:

Host-based Intrusion Detection Systems (HIDS)

With this type of system the IDS is installed on each monitored host and analyzes the events recorded in that host's log files or reported by audit agents. It acts as a last line of defense for the case where an attack has already succeeded and got past the firewall and the NIDS.

A HIDS can detect situations such as: abnormal or excessive memory use; processes whose behavior is suspicious; suspicious network connections made from the host; unusual CPU usage; unusual system call usage; and detailed disk usage. Because it runs on the host it also sees what happens after traffic has been decrypted, which a network sensor cannot.
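As an added example (not code from the original post), here is a minimal host-based detector in the spirit described above: it parses sshd authentication events from a constructed auth.log fragment and raises an alert when one source fails to log in repeatedly within a short window, escalating if a successful login then follows from the same source. The log lines, the hostname, the addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (not real data); 203.0.113.7 is the attacker,
# 198.51.100.5 is a user who mistypes a password once and then logs in normally.
SAMPLE_AUTH_LOG = """\
Feb 27 10:00:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Feb 27 10:00:03 host1 sshd[2102]: Failed password for root from 203.0.113.7 port 51130 ssh2
Feb 27 10:00:04 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 51131 ssh2
Feb 27 10:00:06 host1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51140 ssh2
Feb 27 10:00:09 host1 sshd[2105]: Failed password for root from 203.0.113.7 port 51152 ssh2
Feb 27 10:00:15 host1 sshd[2106]: Accepted password for root from 203.0.113.7 port 51160 ssh2
Feb 27 10:01:00 host1 sshd[2110]: Failed password for alice from 198.51.100.5 port 40001 ssh2
Feb 27 10:01:30 host1 sshd[2111]: Accepted publickey for alice from 198.51.100.5 port 40002 ssh2
"""

# Matches the two sshd message forms used above; anything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_auth_log(text, year=2020):
    """Turn sshd log lines into (timestamp, result, user, ip) tuples.

    Syslog timestamps carry no year, so one is supplied (assumed 2020 here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Alert on a source with >= threshold failed logins inside a sliding window,
    and raise a second, higher-severity alert if that source later succeeds."""
    failures = defaultdict(list)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for ts, result, user, ip in events:
        if result == "Failed":
            recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_seconds]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, len(recent)))
        elif result == "Accepted" and ip in flagged:
            alerts.append(("success_after_bruteforce", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(alert)
```

The window is what keeps a legitimate user who fumbles a password a few times over an afternoon from being reported; the "success after brute force" alert is the one worth paging on, because it means the host-level evidence shows the attack got through.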

Network-based Intrusion Detection Systems (NIDS)

Instead of monitoring a single computer, a NIDS monitors the network as a whole. It watches the traffic of the network segment it is placed in, with its network interface running in promiscuous mode so that it receives every frame on the segment, not only those addressed to it.

Detection is done by capturing and analyzing packet headers and contents and comparing them with known patterns or signatures, which makes it an effective mechanism for detecting attacks such as port scanning, IP spoofing and SYN flooding. One caveat: a NIDS can only match what it can read, so content signatures do not apply to encrypted payloads, while header-based checks still work.
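As an added example (not code from the original post), the following toy sensor applies header-level checks of the kind just described to a constructed list of packet records, standing in for a live capture: an ingress check for IP spoofing, a distinct-port count for port scanning, and a half-open-connection ratio for SYN flooding. The internal prefix, the addresses, the time window and the thresholds are assumptions chosen for the example.

```python
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed packet metadata (no real capture): (time_s, iface, src, dst, dport, flags).
# iface is the sensor interface the packet arrived on ("ext" or "int");
# flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK.
SAMPLE_PACKETS = (
    # one external host probes twelve ports on 10.0.0.5 within a few seconds
    [(1.0 + 0.2 * i, "ext", "203.0.113.9", "10.0.0.5", p, "S")
     for i, p in enumerate(range(20, 32))]
    # many sources open SYNs to 10.0.0.8:443 and never complete the handshake
    + [(5.0 + 0.01 * i, "ext", f"198.51.100.{i % 200 + 1}", "10.0.0.8", 443, "S")
       for i in range(300)]
    # a legitimate client completes the three-way handshake
    + [(9.00, "ext", "192.0.2.4", "10.0.0.8", 443, "S"),
       (9.01, "int", "10.0.0.8", "192.0.2.4", 55000, "SA"),
       (9.02, "ext", "192.0.2.4", "10.0.0.8", 443, "A")]
    # a packet arriving from outside but claiming an internal source address
    + [(10.0, "ext", "10.0.0.77", "10.0.0.5", 22, "S")]
)


def detect_spoofed_sources(packets, internal=INTERNAL_NET):
    """Ingress check: an internal source address must never arrive on the external interface."""
    return [("ip_spoofing", src, dst) for _, iface, src, dst, _, _ in packets
            if iface == "ext" and ipaddress.ip_address(src) in internal]


def detect_port_scans(packets, window=5.0, min_ports=10):
    """One source touching many distinct ports on one target inside a time window."""
    ports = defaultdict(set)  # (time bucket, src, dst) -> distinct destination ports
    for t, _, src, dst, dport, flags in packets:
        if "S" in flags and "A" not in flags:  # only initial SYNs
            ports[(int(t // window), src, dst)].add(dport)
    return [("port_scan", src, dst, len(p))
            for (_, src, dst), p in sorted(ports.items()) if len(p) >= min_ports]


def detect_syn_floods(packets, window=5.0, min_syns=100, max_completion=0.1):
    """Many SYNs to one service in a window with almost no handshakes completing."""
    syns = defaultdict(set)  # (time bucket, dst, dport) -> sources that sent a SYN
    acks = defaultdict(set)  # (time bucket, dst, dport) -> sources that sent the final ACK
    for t, _, src, dst, dport, flags in packets:
        key = (int(t // window), dst, dport)
        if flags == "S":
            syns[key].add(src)
        elif flags == "A":
            acks[key].add(src)
    alerts = []
    for key, sources in sorted(syns.items()):
        completed = len(sources & acks[key])
        if len(sources) >= min_syns and completed / len(sources) <= max_completion:
            alerts.append(("syn_flood", key[1], key[2], len(sources)))
    return alerts


def run_sensor(packets):
    """Run all three checks, as a sensor would over one capture window."""
    return (detect_spoofed_sources(packets)
            + detect_port_scans(packets)
            + detect_syn_floods(packets))


if __name__ == "__main__":
    for alert in run_sensor(SAMPLE_PACKETS):
        print(alert)
```

None of these checks look at payload bytes, which is why they keep working on TLS traffic; the thresholds are the tuning knobs a real deployment adjusts per segment to keep false positives down (a busy web server legitimately receives far more SYNs per window than the 100 assumed here).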

Using several NIDS sensors in a network gives much broader coverage than a single one, since each sensor only sees the segment it is attached to (it is usually fed from a switch mirror port or a network TAP). A network-based detection system has two main components: the sensors and the management station.

The sensors are the devices placed at chosen points of the network and perform the monitoring itself. The management station is responsible for the remote management of all the sensors, collecting their alerts and pushing configuration and rule updates to them.

Operating this way, a NIDS has a wider reach in detecting intruders than a HIDS. Another strong point is that a passive NIDS sensor is not visible to the attacker (its monitoring interface transmits nothing and typically has no IP address), so the attacker does not know they are being watched and takes no care to evade it.

Other advantages of NIDS, according to Carvalho (2005), are: network performance is not affected, since the sensor only listens; detection and identification of attacks happen in real time, which makes immediate decision making easier; it is effective at detecting port scanning; and it is not restricted to detecting successful attacks, but also records unsuccessful attack attempts.
