WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.4  Intrusion Detection

Previous Topic/Section
3.4.1.2  Passive Detection
Previous Page
Pages in Current Topic/Section
1
2
Next Page
 3.4.2.1  Active Detection
Next Topic/Section

3.4.2  Host Based
(Page 1 of 2)

In contrast to network based IDS, host based IDS focus on monitoring for unauthorized activities occurring on hosts themselves, including both incoming/outgoing network traffic involving the host running the IDS and other events on the host which do not involve the network. Host based IDS have been around for a long time (since the 1980’s, says ISS340). They range from simple accounting record auditing packages (which may or may not run in real time), to more advanced detection systems that not only check system, security and event logs, but also periodically verify system file checksums to ensure that critical configuration files and executables have not changed, and/or monitor certain ports for connection activity.

Host Based IDS (HIDS)

A Host-based Intrusion Detection System (HIDS) monitors for unauthorized activities occurring on hosts, including network traffic in and out of the host and other events on the host that do not involve the network.

It may watch the host’s network interfaces as well as monitor logs and the state of key system files.


HIDS Architecture

To secure your network using host based IDS technology, you would have to install a copy of the host based IDS on each system you want to monitor. Unlike NIDS, a single installation can only monitor a single machine – generally the one on which it has been installed.

Quick navigation to subsections and regular topics in this section



 __________________

340. “Network- vs. Host-based Intrusion Detection”, Internet Security Systems, http://documents.ids.net/whitepapers/nvh_ids/

Previous Topic/Section
3.4.1.2  Passive Detection
Previous Page
Pages in Current Topic/Section
1
2
Next Page
 3.4.2.1  Active Detection
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.