All methods of intrusion detection (ID) involve the gathering and analysis of
information from various areas within a computer or network to identify possible
threats posed by hackers and crackers inside or outside the organization.
Host-based and network-based ID systems have their respective advantages and
limitations. The most effective protection for a proprietary network is provided by
a combination of both technologies.
http://searchsecurity.techtarget.com/definition/HIDS-NIDS
The State of the Art in Intrusion Prevention and Detection
edited by Al-Sakib Khan Pathan
Host Based IDS
HIDS can be a good complementary solution to ISP's network-based IDS program, as it
provides additional detection capabilities as a result of its access to the local operating
system and file structure. HIDS is able to provide this additional detection by installing
agents on monitored systems. The agent software is typically controlled by a central
management server over the network, which maintains agent configuration as defined by
the HIDS administrator and collects events from the agent software. From the collected
events, the central HIDS server is able to correlate activities from all of its monitored
hosts based on predefined signatures and customized rules to produce alerts on
suspicious or malicious behaviours. The collected events can also be sent to log
correlation software (e.g. ISP Log Correlation program) for further analysis.
https://security.berkeley.edu/intrusion-detection-guideline
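
The central-server correlation described above, as an added Python example that is not taken from the Berkeley guideline or from any HIDS product: it applies one predefined signature to single events and one customized rule across hosts. The event fields, rule names, watched paths and thresholds are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict

# Constructed sample events, in an assumed format agents might report.
EVENTS = [
    {"host": "web01", "ts": 100, "type": "file_change", "path": "/etc/passwd"},
    {"host": "web01", "ts": 130, "type": "auth_fail", "src": "203.0.113.7"},
    {"host": "db01", "ts": 140, "type": "auth_fail", "src": "203.0.113.7"},
    {"host": "app01", "ts": 150, "type": "auth_fail", "src": "203.0.113.7"},
    {"host": "app01", "ts": 900, "type": "auth_fail", "src": "198.51.100.4"},
    {"host": "db01", "ts": 160, "type": "file_change", "path": "/var/log/app.log"},
]

# Predefined signature (assumed list): a change to any of these paths alerts.
WATCHED_PATHS = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}

def signature_alerts(events):
    """Per-event signature match: modification of a watched file."""
    return [
        {"rule": "watched_file_modified", "host": e["host"], "path": e["path"]}
        for e in events
        if e["type"] == "file_change" and e["path"] in WATCHED_PATHS
    ]

def cross_host_alerts(events, min_hosts=3, window=300):
    """Customized rule: one source fails logins on >= min_hosts distinct
    hosts within `window` seconds. No single agent can see this pattern."""
    by_src = defaultdict(list)
    for e in events:
        if e["type"] == "auth_fail":
            by_src[e["src"]].append((e["ts"], e["host"]))
    alerts = []
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.append({"rule": "auth_fail_spread", "src": src,
                               "hosts": sorted(hosts)})
                break  # one alert per source is enough
    return alerts

def correlate(events):
    """Combine single-event signatures with cross-host rules."""
    return signature_alerts(events) + cross_host_alerts(events)

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The second alert exists only because the server sees events from all three hosts; each agent alone recorded a single failed login from that source.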