Answer:
A network intrusion detection system (INDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic.
The NIDS does this by reading all the incoming packets and trying to find suspicious patterns. If, for example, a large number of TCP connection requests to a very large number of different ports are observed, one could assume that there is someone conducting a port scan of some or all of the computer(s) in the network. It also (mostly) tries to detect incoming shellcodes in the same manner that an ordinary intrusion detection systems does.
A NIDS is not limited to inspecting incoming network traffic only. Often valuable information about an ongoing intrusion can be learned from outgoing or local traffic as well. Some attacks might even be staged from the inside of the monitored network or network segment, and are therefore not regarded as incoming traffic at all.
Often, network intrusion detection systems work with other systems as well. They can for example update some firewalls' blacklist with the IP addresses of computers used by (suspected) crackers.
Certain DISA documentation, such as the Network STIG, uses the term NID to distinguish an internal IDS instance from its outward-facing counterpart. (Wikipedia-1, 2009)
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes the internals of a computing system rather than on its external interfaces (as a network-based intrusion detection system (NIDS) would do).
A host-based IDS monitors all or parts of the dynamic behaviour and the state of a computer system. Much as a NIDS will dynamically inspect network packets, a HIDS might detect which program accesses what resources and discover that, for example, a word-processor has suddenly and inexplicably started modifying the system password-database. Similarly a HIDS might look at the state of a system, its stored information, whether in RAM, in the file-system, log files or elsewhere; and check that the contents of these appear as expected.
One can think of a HIDS as an agent that monitors whether anything/anyone - internal or external - has circumvented the security policy that the operating system tries to enforce. (Wikipedia-2, 2009)
Reference:
1. Wikipedia-1 (2009). "Network Intrusion Detection System". Wikipedia The Free Encyclopedia, Retrieved from URL - http://en.wikipedia.org/wiki/Network_intrusion_detection_system
2. Wikipedia-2 (2009) "Host-Based Intrusion Detection System". Wikipedia The Free Encyclopedia, Retrieved from URL - http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment