
Information Security

ASSIGNMENT # 4

DECEMBER 11, 2023

MOHAMMAD EMAL
FA19-BSE-401

Intrusion Detection System:
An Intrusion Detection System (IDS) is a security mechanism that observes network traffic and promptly alerts administrators to potential malicious activity. Implemented as software, an IDS analyzes the data traversing the network to detect abnormal patterns and behaviors. It compares network activity against predefined rules and patterns in order to identify signs of attacks or unauthorized intrusions. When a match with one of these patterns is detected, the IDS issues an alert to the system administrator, who can then investigate and take appropriate action to mitigate potential damage or prevent further intrusion.

Types of Intrusion Detection System

1. Network Intrusion Detection System (NIDS):

- NIDS is strategically placed within the network to monitor traffic from all connected devices.
- It observes the entire subnet's passing traffic, comparing it to a database of known attacks.
- When an attack or abnormal behavior is detected, an alert is sent to the administrator.
- Example: Installation on the subnet where the firewalls are located, to detect attempts to compromise the firewall.

2. Host Intrusion Detection System (HIDS):

- HIDS operates on individual hosts or devices within the network.
- It monitors incoming and outgoing packets specific to the host, triggering an alert for suspicious or malicious activity.
- HIDS takes snapshots of system files and compares them, sending an alert if changes are detected.
- Example: Implementation on critical machines where the system layout is not expected to change.

3. Protocol-based Intrusion Detection System (PIDS):

- PIDS resides at the front end of a server, overseeing and interpreting the protocol between a user/device and the server.
- It focuses on securing web servers by monitoring protocols like HTTPS and HTTP.
- Example: Monitoring HTTPS traffic by residing between the user and the web server.

4. Application Protocol-based Intrusion Detection System (APIDS):

- APIDS typically resides within a group of servers, identifying intrusions by monitoring and interpreting application-specific protocols.
- It may, for instance, monitor the SQL protocol as transactions occur between the middleware and the database.

5. Hybrid Intrusion Detection System:

- The Hybrid IDS combines two or more approaches to enhance overall intrusion detection effectiveness.
- It integrates host agent or system data with network information to provide a comprehensive view of the network.
- Example: Prelude serves as a Hybrid IDS, leveraging multiple detection methods for improved security.

Differentiate among different types of intrusion detection systems.

1. Network Intrusion Detection System (NIDS):

- Focus: Monitors network traffic at a specific point within the network.
- Scope: Examines traffic from all devices on the network.
- Detection Method: Analyzes passing traffic on the entire subnet, comparing it to known attack patterns.
- Example Scenario: Installed on the subnet where the firewalls are located, to detect attempts to breach the firewall.
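
As an added illustration (not part of the original assignment) of the comparison step a NIDS performs, the following Python code matches constructed packet records against a small, made-up signature database and also flags a source that probes an abnormal number of ports. All rules, addresses and payloads are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed signature database: each rule names the attack it represents and
# the protocol, destination port and payload pattern that must all match.
SIGNATURES = [
    {"name": "http-directory-traversal", "proto": "tcp", "dst_port": 80,
     "pattern": re.compile(rb"(\.\./){2,}")},
    {"name": "http-sqli-tautology", "proto": "tcp", "dst_port": 80,
     "pattern": re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)},
]

# Constructed packet records standing in for what a sensor sees on the subnet.
PACKETS = [
    {"src": "10.0.0.5", "proto": "tcp", "dst_port": 80,
     "payload": b"GET /index.html HTTP/1.1"},
    {"src": "10.0.0.7", "proto": "tcp", "dst_port": 80,
     "payload": b"GET /../../../etc/passwd HTTP/1.1"},
    {"src": "10.0.0.7", "proto": "tcp", "dst_port": 80,
     "payload": b"POST /login user=a' OR '1'='1"},
] + [
    # One source touching ten different ports: abnormal behaviour, no signature.
    {"src": "10.0.0.9", "proto": "tcp", "dst_port": p, "payload": b""}
    for p in range(20, 30)
]

def signature_alerts(packets, signatures=SIGNATURES):
    """Compare every packet with every rule; return (rule_name, src) per match."""
    alerts = []
    for pkt in packets:
        for rule in signatures:
            if (pkt["proto"] == rule["proto"] and pkt["dst_port"] == rule["dst_port"]
                    and rule["pattern"].search(pkt["payload"])):
                alerts.append((rule["name"], pkt["src"]))
    return alerts

def scan_alerts(packets, max_ports=5):
    """Abnormal behaviour: one source probing more distinct ports than max_ports."""
    ports_by_src = defaultdict(set)
    for pkt in packets:
        ports_by_src[pkt["src"]].add(pkt["dst_port"])
    return [("port-scan", src) for src, ports in sorted(ports_by_src.items())
            if len(ports) > max_ports]

def detect(packets):
    """Signature matches first, then behavioural alerts, as an administrator would see them."""
    return signature_alerts(packets) + scan_alerts(packets)

if __name__ == "__main__":
    for name, src in detect(PACKETS):
        print(f"ALERT {name} from {src}")
```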

2. Host Intrusion Detection System (HIDS):

- Focus: Monitors activities on individual hosts or devices.
- Scope: Observes incoming and outgoing packets from the host it is installed on.
- Detection Method: Compares snapshots of system files to identify changes indicating suspicious or malicious activity.
- Example Scenario: Used on mission-critical machines that are not expected to undergo significant changes.
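
The snapshot-and-compare method described for HIDS, as an added example that is not part of the assignment: the code baselines a small constructed file tree using SHA-256 digests and permission bits, simulates changes on the host, and reports what differs. All paths and file contents are constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(root):
    """Record the SHA-256 digest and permission bits of every file under root."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[rel] = (digest, os.stat(path).st_mode & 0o777)
    return snap

def compare(baseline, current):
    """Return (kind, path) alerts for files added, removed or changed since the baseline."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            alerts.append(("added", rel))
        elif rel not in current:
            alerts.append(("removed", rel))
        elif baseline[rel] != current[rel]:
            alerts.append(("modified", rel))
    return alerts

def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-snapshot."""
    root = tempfile.mkdtemp()
    try:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(os.path.join(etc, "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/sh\n")
        baseline = snapshot(root)
        # Simulated changes on a host whose layout is not expected to change.
        with open(os.path.join(etc, "hosts"), "a") as fh:
            fh.write("10.0.0.9 updates.example.invalid\n")
        os.remove(os.path.join(etc, "passwd"))
        with open(os.path.join(etc, "rogue.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")
        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root)
```

Running `demo()` returns one alert per changed path; in a real deployment the baseline would be stored off-host so an intruder cannot rewrite it along with the files.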
3. Protocol-based Intrusion Detection System (PIDS):

- Focus: Controls and interprets communication protocols between users/devices and servers.
- Scope: Resides at the front end of a server, monitoring and interpreting protocols.
- Detection Method: Regularly monitors specific protocols (e.g., HTTPS) to ensure the security of the communication stream.
- Example Scenario: Monitors the HTTPS protocol stream in its decrypted (unencrypted) form, before it enters the web presentation layer.

4. Application Protocol-based Intrusion Detection System (APIDS):

- Focus: Monitors and interprets communication on application-specific protocols.
- Scope: Resides within a group of servers, identifying intrusions based on application-specific protocols.
- Detection Method: Explicitly monitors application protocols such as SQL as the web server transacts with the database.
- Example Scenario: Focuses on monitoring the communication specific to the middleware and database transactions.

5. Hybrid Intrusion Detection System:

- Focus: Combines two or more approaches to intrusion detection.
- Scope: Integrates both host-level and network-level information for a comprehensive view.
- Detection Method: Utilizes a combination of host agent/system data and network information.
- Example Scenario: Prelude is cited as an example, showcasing the effectiveness of combining different intrusion detection approaches.

Each type of IDS has its own focus, scope, and detection method, which makes each suitable for different scenarios depending on an organization's specific security needs and network architecture. A Hybrid IDS, by combining multiple approaches, aims to provide a more robust and comprehensive solution.
