
Question

"Security Monitoring":

Considering your place of employment or your home computing environment, discuss in detail the way in which in-depth (or layered) defense is employed to enhance security in your chosen environment.

According to the textbook, Intrusion Detection Systems (IDS), which can be categorized as Host IDS (HIDS) and Network IDS (NIDS), are a means of providing real-time monitoring. Compare and contrast HIDS and NIDS, and provide at least one (1) example identifying when one (1) would be more appropriate to use over the other. Provide a rationale to support your chosen example.

Explanation / Answer

Host intrusion detection systems (HIDS) and network intrusion detection systems (NIDS) are two approaches to security monitoring for computers and networks.

In the host-based approach, anti-threat applications such as firewalls, antivirus software and spyware-detection programs are installed on every network computer that has two-way access to the outside environment, such as the Internet. HIDS differs from NIDS in that it runs as a service or agent on the protected host, and it does not inspect traffic that is not directed at the host it is protecting.

Instead, the HIDS agent monitors state on the machine: critical system files, registry settings, file checksums, or just about any other parameter you define. When an attack is made against the machine, the agent will typically block the connection, log a record of the session, report it back to a central management console, and of course alert the administrator. HIDS has another distinct characteristic: it can inspect traffic that arrived encrypted, because the traffic has already been decrypted on the host by the time the agent inspects it. NIDS, on the other hand, sees only the ciphertext on the wire and cannot match signatures inside it.

In the network-based approach, the monitoring software is installed only at specific points, such as servers that sit between the outside environment and the network segment to be protected. A NIDS sensor is deployed at strategic places in the network infrastructure to capture traffic going across the wire and compare it against a database of known attack signatures. If an inspected packet matches an entry in the signature database, many types of action can be taken, including alerting the administrator, sending a RST to the attacking host to kill the connection, or even dynamically modifying firewall rules to block the connection. The last of these is often very risky, because a false positive means valid traffic will be blocked from the network. A NIDS can most simply be compared to a sniffer on steroids.

All methods of intrusion detection (ID) involve gathering and analyzing information from various areas within a computer or network to identify possible threats posed by hackers and crackers inside or outside the organization. Host-based and network-based ID systems have their respective advantages and limitations; the most effective protection for a proprietary network is provided by a combination of both technologies.
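As an added example that is not part of the original answer, the following Python script implements toy versions of the two mechanisms the answer describes: a HIDS-style file-integrity check that baselines file checksums on the host and re-checks them after tampering, and a NIDS-style signature matcher run over packet records. Everything in it is constructed for this page: the file tree lives in a temporary directory, the signatures are not real Snort/Suricata rules, and the "encrypted" payload is stand-in bytes rather than a real TLS record. It also illustrates the two caveats from the answer: the wire-level matcher gets no hits on the encrypted payload, and a benign request can match a signature (a false positive), which is why the matcher reports an action instead of rewriting firewall rules unconditionally.

```python
import hashlib
import os
import re
import tempfile

# ---- HIDS side: an agent on the host watching host state (file checksums) ----

def hash_file(path):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Snapshot {relative path (always '/'-separated): sha256} under root."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = hash_file(full)
    return snap


def integrity_diff(old, new):
    """Compare two snapshots; returns (modified, added, removed), each sorted."""
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    return modified, added, removed


def demo_hids():
    """Build a tiny fake system tree, baseline it, tamper with it, re-check.
    File contents are constructed for the demo."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(root, "etc", "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        before = baseline(root)
        # Simulated compromise: a UID-0 account appended, a binary dropped.
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("backdoor:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(root, "nc"), "wb") as f:
            f.write(b"\x7fELF")
        return integrity_diff(before, baseline(root))


# ---- NIDS side: a sensor on the wire matching bytes against signatures ----

# Constructed toy signatures for this page, not real Snort/Suricata rules.
SIGNATURES = [
    {"name": "HTTP directory traversal",
     "pattern": re.compile(rb"\.\./\.\./"), "action": "alert"},
    {"name": "shell invoked via URI",
     "pattern": re.compile(rb"[;|]\s*/bin/sh"), "action": "block"},
]


def inspect_packet(pkt, signatures=SIGNATURES):
    """Return [(signature name, action)] for every signature the payload matches."""
    return [(s["name"], s["action"]) for s in signatures
            if s["pattern"].search(pkt["payload"])]


def decide(hits):
    """Most severe action among the hits: block > alert > pass."""
    actions = {a for _, a in hits}
    if "block" in actions:
        return "block"
    return "alert" if actions else "pass"


def demo_nids():
    """Run the matcher over three constructed packet records."""
    attack = {"src": "203.0.113.7", "dport": 80,
              "payload": b"GET /cgi-bin/x.cgi?f=../../etc/passwd;/bin/sh HTTP/1.1\r\n"}
    # The same request over TLS: the sensor only sees ciphertext.  The bytes
    # below are constructed stand-in ciphertext, not a real TLS record.
    encrypted = {"src": "203.0.113.7", "dport": 443,
                 "payload": b"\x17\x03\x03\x00\x2a" + bytes(range(42))}
    # Benign traffic that trips the traversal signature: a false positive.
    # If the sensor rewrote firewall rules on this hit, a real user would be cut off.
    benign = {"src": "198.51.100.9", "dport": 80,
              "payload": b"GET /wiki/Directory_traversal?q=../../ HTTP/1.1\r\n"}
    return {name: (inspect_packet(p), decide(inspect_packet(p)))
            for name, p in (("attack", attack), ("encrypted", encrypted), ("benign", benign))}


if __name__ == "__main__":
    print("HIDS (modified, added, removed):", demo_hids())
    for name, (hits, action) in demo_nids().items():
        print(f"NIDS {name}: hits={hits} action={action}")
```

Running it shows the contrast the answer draws: the host-side check reports `etc/passwd` modified and `nc` added regardless of how the attacker got in, while the wire-side matcher flags the plaintext request, sees nothing in the encrypted one, and raises only an alert (not a block) on the benign wiki request because that signature is marked `alert` rather than `block`.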