3.4.2  Host Based
(Page 2 of 2)

HIDS Considerations, Pros and Cons



While host-based IDS typically do not address the variety of attacks that can be detected by NIDS, there are some benefits to host-based technology, such as:

  • Ability to detect attacks which occur within a system, without traffic traveling across the network, such as someone sitting down at a serial-wired “dumb terminal” and replacing a key system file.

  • Fewer false positives (reporting something as a threat, which isn’t really a threat), since host-based IDS technology usually looks at logs of what has already happened as opposed to what it looks like someone might be trying to do.

  • Not affected by switched environments or network-based encryption, because the system must decrypt the network traffic destined for it in order to respond to it. For example, the actual contents of an SSL transaction are known on the web server to which it is sent, so a host-based IDS on the web server may be able to detect anomalies in that transaction which could not be detected by a NIDS.

Host IDS Advantages

Advantages of HIDS include the ability to detect attacks occurring on a system without involving the network, fewer “false positive” reports than NIDS, and the fact that they’re not affected by network switches or network-based encryption. Unlike a NIDS, a host-based IDS on a web server can often see SSL-protected transactions because they are decrypted upon receipt by the host (or a dedicated SSL processor box installed in front of the host, on the network).



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.