3.4.2 Host Based
In contrast to network based IDS, host based IDS focus on monitoring for unauthorized activities occurring on the hosts themselves. This includes both incoming and outgoing network traffic involving the host running the IDS, and other events on the host which do not involve the network. Host based IDS have been around for a long time (since the 1980s, says ISS [340]). They range from simple accounting record auditing packages (which may or may not run in real time) to more advanced detection systems that not only check system, security and event logs, but also periodically verify system file checksums to ensure that critical configuration files and executables have not changed, and/or monitor certain ports for connection activity.
To secure your network using host based IDS technology, you would have to install a copy of the host based IDS on each system you want to monitor. Unlike a NIDS, a single installation can generally monitor only a single machine: the one on which it has been installed.
340. Network- vs. Host-based Intrusion Detection, Internet Security Systems, http://documents.ids.net/whitepapers/nvh_ids/
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.