HIDS and NIDS by Eric Rivers
Host-Based Intrusion Detection System (HIDS)
A HIDS performs intrusion detection on a single host system. Currently, HIDS involves installing an agent on the local host that monitors and reports on the system configuration and application activity.
Key Points about HIDS
1) Detects malicious activity
2) Gathers data about malicious activity and reports to IT (Logging & Reporting)
3) Software based
4) Associated only with the host / end point device that it is installed on
5) Users or hackers can uninstall the application, which poses a security risk
Network-Based Intrusion Detection System (NIDS)
A NIDS is a network security system that focuses on attacks that come from inside the network (authorized users).
Key Points about NIDS
1) Detects malicious activity
2) Gathers data about malicious activity and reports to IT (Logging & Reporting)
3) Hardware / Appliance based
4) To ensure stability and high availability, the equipment must be deployed in a high-availability configuration with redundant equipment.
What do they do?
1) Monitors system and user activity
2) Audits system configuration to ensure no changes have occurred
3) Audits system for vulnerabilities and misconfigurations
4) Assesses the integrity of critical system and data files
5) Recognizes / identifies known attack patterns
6) Identifies abnormal activity
7) Manages the audit trail and highlights user violations of policy or abnormal behavior
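One way a host agent can carry out the configuration audit and file-integrity checks in items 2 and 4 above, shown as an added example that is not part of the original page. The function names (`snapshot`, `compare`, `demo`) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root to (SHA-256 digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the monitored tree
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, os.stat(path).st_mode & 0o7777)
    return state

def compare(baseline, current):
    """Return (finding, path) tuples for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append(("added" if old is None else "removed", path))
        elif old[0] != new[0]:
            findings.append(("content-changed", path))
        elif old[1] != new[1]:
            findings.append(("mode-changed", path))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        def write(name, text, mode=0o600):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        write("sshd_config", "PermitRootLogin no\n")
        write("hosts", "127.0.0.1 localhost\n")
        write("motd", "authorized use only\n")
        baseline = snapshot(root)                      # known-good state
        write("sshd_config", "PermitRootLogin yes\n")  # content edit
        os.chmod(os.path.join(root, "hosts"), 0o644)   # permission change
        os.remove(os.path.join(root, "motd"))          # deletion
        write("new_job", "* * * * * /bin/true\n")      # unexpected file
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Since the agent lives on the host it monitors, a baseline stored only on that host can be altered along with the files; keeping a copy elsewhere lets the comparison be trusted.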
Created on August 29, 2015 by Lionel Sharpe || Professor Eric Rivers at 3:39 AM
Copyright © 2013 Bridgetonia Inc.|| All Rights Reserved