IDSs Come in Different Flavors

IDSs have matured to the point where there are essentially two types: Network IDS (NIDS) and Host IDS (HIDS). A Host IDS resides on one machine and monitors that specific machine for intrusion attempts. The Network IDS is more popular; it monitors traffic as it flows through a network en route to other hosts. One type is not better than the other; each is appropriate for specific situations.

Host-Based IDS

Host-based IDSs (HIDSs) monitor for attacks at the operating system, application, or kernel level. HIDSs have access to audit logs, error messages, service and application rights, and any resource available to the monitored host. Additionally, HIDSs can be application aware. They have knowledge about ...
