Updating intrusion detection report
An HIDS monitors event and audit logs, comparing new entries to attack signatures.This is resource intensive, so your organization will need to plan for the additional hardware required.A network intrusion detection system (NIDS) can be an integral part of an organization’s security, but they are just one aspect of many in a cohesive and safe system.They have many great applications, but there are also weaknesses that need to be considered.An NIDS can detect attacks that an HIDS will miss because it looks at packet headers in real-time.In saying this, an HIDS will also be able to pick up some things that an NIDS will miss, such as unauthorized users making changes to the system files.These improved efficiencies can help to reduce an organization’s staff costs and offset the cost of implementing the IDS.
It can also be analyzed to identify bugs or network device configuration problems.
Because of this, an IDS needs to be part of a comprehensive plan that includes other security measures and staff who know how to react appropriately.
An IDS is immensely helpful for monitoring the network, but their usefulness all depends on what you do with the information that they give you.
Hybrid NIDS and HIDS solutions that combine aspects of both systems are also available and can be useful in different scenarios.
Firewalls may be able to show you the ports and IP addresses that are used between two hosts, but in addition a NIDS can be tuned to show you the specific content within the packets.