IDSs Come in Different Flavors
IDSs have matured to the point where there are essentially two types of IDSs: Network IDS (NIDS) and Host IDS (HIDS). Host IDS resides on one machine and monitors that specific machine for intrusion attempts. More popular is the Network IDS, which monitors traffic as it flows through a network en route to other hosts. One type is not better than the other; each is appropriate for specific situations.
Host-based IDSs (HIDSs) monitor for attacks at the operating system, application, or kernel level. HIDSs have access to audit logs, error messages, service and application rights, and any resource available to the monitored host. Additionally, HIDSs can be application aware. They have knowledge about ...