Question
6. Describe how a host-based intrusion detection system works, briefly contrasting it with network-based intrusion detection. Explain three types of threats that can be countered effectively by using HIDS tools.
5. If an attacker knew a network-based IDS like Snort was running in a targeted environment, how might the attacker try to penetrate the network while avoiding detection? Provide at least two examples of IDS evasion techniques that might be used by an attacker, and suggest a remedy or defense against the techniques you cite.
Explanation / Answer
Answer:
Host-based intrusion detection system (HIDS)
It is an intrusion detection system which is capable of monitoring and analysing the internals of a system as well as the network packets on its network interfaces, which is similar to the way a network-based intrusion detection system operates.
A HIDS monitors a single host system and reports on the system configuration and application activity. This is an added layer of protection that ensures anything that gets past the firewall does not leave any threat.
So the three types of error that can be countered by using the HIDS are as follows:
Signature Detection:
It is used to detect the known attacks by the specific action that has been performed.
Anomaly Detection:
In this, it is further divided into three subparts which are: Point anomalies, contextual anomalies, and collective anomalies.
Stateful Protocol Analysis:
It uses predetermined universal profiles based on what a company has developed as accepted definitions of benign activity.
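
An added illustration, not part of the original answer: a short Python sketch of two of the detection styles named above, signature detection and point-anomaly detection, applied to host authentication logs. The log lines, baseline counts, rule names and patterns are constructed for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Hypothetical signatures: each describes one specific action tied to a known attack.
SIGNATURES = {
    "shadow-file-read": re.compile(r"sudo: .*COMMAND=.*\b(cat|cp|less) /etc/shadow"),
    "uid0-account-added": re.compile(r"useradd\[\d+\]: new user: .*UID=0\b"),
}
FAILED = re.compile(r"^\w{3} +\d+ (\d{2}):\d{2}:\d{2} \S+ sshd\[\d+\]: Failed password")

def signature_alerts(lines):
    """Signature detection: return (rule, line) for each line matching a known pattern."""
    return [(name, ln) for ln in lines
            for name, rx in SIGNATURES.items() if rx.search(ln)]

def failed_logins_per_hour(lines):
    """Count failed SSH logins per hour of day (the monitored host metric)."""
    return Counter(m.group(1) for ln in lines if (m := FAILED.match(ln)))

def point_anomalies(counts, baseline, k=3.0):
    """Anomaly detection: hours whose count exceeds baseline mean + k std deviations."""
    limit = mean(baseline) + k * pstdev(baseline)
    return sorted(hour for hour, n in counts.items() if n > limit)

# Constructed data: hourly failed-login counts seen during normal operation.
BASELINE = [2, 3, 1, 2, 4, 3, 2]
# Constructed auth-log lines for one day on the monitored host.
SAMPLE = (
    ["Jan 10 09:03:10 host1 sshd[822]: Failed password for bob from 10.0.0.7 port 50122 ssh2"] * 2
    + [f"Jan 10 14:{i:02d}:00 host1 sshd[900]: Failed password for root from 10.0.0.99 port 40000 ssh2"
       for i in range(30)]
    + ["Jan 10 14:40:12 host1 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/bin/cat /etc/shadow",
       "Jan 10 14:41:00 host1 sudo: alice : TTY=pts/0 ; USER=root ; COMMAND=/usr/bin/apt update",
       "Jan 10 14:45:30 host1 useradd[951]: new user: name=svc2, UID=0, GID=0, home=/root, shell=/bin/bash"]
)

if __name__ == "__main__":
    for rule, line in signature_alerts(SAMPLE):
        print(f"[signature:{rule}] {line}")
    for hour in point_anomalies(failed_logins_per_hour(SAMPLE), BASELINE):
        print(f"[anomaly] failed logins in hour {hour} exceed the baseline")
```

The signature rules fire only on the exact actions they describe, while the anomaly check flags the burst of failed logins without any rule naming it, at the cost of depending on a representative baseline.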