Unit 5 Assignment 1: Intrusion-Detection System


3. Intrusion-Detection Systems:
• Security level:
Intrusion-detection systems come in two types: Host-Based IDS and Network-Based IDS.

The Host-Based IDS is installed on a machine to make sure that the system state, when compared, matches a known baseline. Consider the case where a file-integrity checker like Tripwire is run on the target machine just after installation. A database of file signatures is created for the system, and the checker regularly compares the system files against these known-safe signatures. If a file has been altered or changed, the administrator receives an alert. This works very well because attackers will often alter or replace a system file with a Trojan version to give themselves backdoor access.

The Network-Based IDS has a network sniffer running in a mode where the network device intercepts and reads all network packets. The sniffer is attached to a database of known attack signatures, and the IDS analyzes each packet it picks up to check for known attacks. For example, if a web attack contains the string /system32/cmd.exe? in the URL, the IDS will try to match …

Systems have to be constantly updated to prevent new types of attacks. Also, different layers of security have to be employed to strengthen the network against a possible breach. Where a system has been breached, awareness should become the next priority, as this can still help prevent the loss of data depending on how soon detection occurs. In all security measures, human error has always been identified as a great risk. To minimize this, security training is encouraged not just for security personnel but for everyone who uses a
