Intrusion Detection Systems Overview

Questions and Answers

What distinguishes network-based IDS from host-based IDS in terms of visibility?

• Host-based IDS have a complete picture of the network segment
• Network-based IDS see entire network packets, including header information (correct)
• Network-based IDS only monitor packet headers
• Host-based IDS are better at detecting network-borne attacks

What is the primary function of network-based IDS?

• Intercepting system calls and analyzing them
• Identifying unauthorized file modifications
• Detecting DoS attacks and unauthorized user access (correct)
• Monitoring log files for indications of intrusions

What is a specific focus of network-based IDS systems?

• Intercepting and analyzing system calls
• Monitoring log files for indications of intrusions
• Analyzing unauthorized file modifications
• Locating packets missed by the firewall (correct)

What is a key strength of host-based IDS systems?

Monitoring traffic on a host-by-host basis (A)

Which type of IDS is best at detecting unauthorized file modifications and user activity?

Host-based IDS (B)

Flashcards are hidden until you start studying

Study Notes

Network-based IDS vs Host-based IDS

• Network-based IDS has visibility of network traffic, whereas host-based IDS has visibility of activities within a host or system.
• Primary function of network-based IDS is to monitor and analyze network traffic to identify signs of unauthorized access or malicious activity.
• Network-based IDS systems specifically focus on detecting and preventing attacks that are launched across the network.

Host-based IDS

• Key strength of host-based IDS systems is their ability to detect and respond to system-level anomalies and unauthorized activities.
• Host-based IDS is best at detecting unauthorized file modifications and user activity due to its visibility into system-level events and activities.