YogeshChauhan . com

What Does Host-Based Intrusion Detection System (HIDS) Mean and What Are Some Advantages Over NIDS?

in Misc on January 30, 2020

What does Host-Based Intrusion Detection System (HIDS) mean?

A host-based intrusion detection system (HIDS) is a system that capable of monitoring and analyzing a computer system on which it is installed to detect an intrusion and logs in the activity. It’s like a watchman for a building.

It is similar to firewall, except it detect intrusions.

host-based intrusion detection systems (HIDS) are systems that sit at service endpoints rather than in the network transit points like NIDS. 

The first type of IDS that’s widely implemented, Host IDS, is installed on servers and is more focused on analyzing the specific operating system and application functionality residing on the HIDS host. 

HIDS are often critical in detecting internal attacks directed towards an organization’s servers such as DNS, mail, and web servers. 

HIDS can detect a variety of potential attack situations such as file permission changes and improperly formed client–server requests.

Why do we need HIDS?

NOTE: There are many more advantages of HIDS over NIDS like file logging, inspecting unencrypted inbound traffic, application level attributes to detect intrusion, Specific user activity based on files, processes, system calls etc. but I've talked about just few top advantages in detail.

Advantage 1: NIDS may not be able to catch all intrusions as HIDS is more versatile and it’s great for large traffic.

Advantage 2: Insertion/evasion techniques bypass NIDS but not HIDS.

Following are the examples of Insertion/evasion techniques

1. Fragmentation and small packets

Attackers can evade IDS by crafting packets in such a way that the end host interprets the attack payload correctly while the IDS either interprets the attack incorrectly or determines that the traffic is benign too quickly.

One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack.

One evasion technique is to pause between sending parts of the attack, hoping that the IDS will time out before the target computer does. A second evasion technique is to send the packets out of order, confusing simple packet re-assemblers but not the target computer.

2. Overlapping fragments and TCP segments

Another evasion technique is to craft a series of packets with TCP sequence numbers configured to overlap. For example, the first packet will include 90 bytes of payload, but the second packet's sequence number will be 86 bytes after the start of the first packet. 

When the target computer reassembles the TCP stream, they must decide how to handle the four overlapping bytes.

3. Some IDS evasion techniques involve deliberately manipulating TCP or IP protocols in a way the target computer will handle differently from the IDS.

4. Attacks which are spread out across a long period of time or a large number of source IPs, such as nmap's slow scan, can be difficult to pick out of the background of benign traffic.

Advantage 3: And the last but not list advantage of HIDS is that it allows admin to determine if a host was compromised due to attack.

amazon

Most Read

#1 How to check if radio button is checked or not using JavaScript? #2 Solution to “TypeError: ‘x’ is not iterable” in Angular 9 #3 How to add Read More Read Less Button using JavaScript? #4 How to uninstall Cocoapods from the Mac OS? #5 How to Use SQL MAX() Function with Dates? #6 PHP Login System using PDO Part 1: Create User Registration Page

Recently Posted

Jun 16 What are Stored Procedures for SQL Server? Jun 16 What are Class Constants in PHP? Jun 15 A short basic guide on states in React Jun 15 How to define constants in PHP? Jun 15 How to define visibility for a property in PHP? Jun 15 How to use @if and @else in SCSS?

You might also like these

How to create a Child Theme in WordPress?WordPressHow to create a simple slider with CSS and jQuery?CSSHow to host Google fonts on your server and add them using CSS?CSSHow to set default timezone using PHP?PHPHow SCSS (Sass) finds a module without a file extension?SCSSHow to create a secure random number using JavaScript?JavaScript