Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What is host-based intrusion detection?

detection host-based intrusion
0
10 Posted

What is host-based intrusion detection?

0 CommentsAdd a Comment

1 Answer

0
10

Host-based ID involves loading a piece or pieces of software on the system to be monitored. The loaded software uses log files and/or the system’s auditing agents as sources of data. In contrast, a network- based ID system monitors the traffic on its network segment as a data source. Both network-based and host-based ID sensors have pros and cons, and in the end, you’ll probably want to use a combination of each. The person responsible for monitoring the IDS needs to be an alert, competent System Administrator, who is familiar with the host machine, network connections, users and their habits, and all software installed on the machine. This doesn’t mean that he or she must be an expert on the software itself, but rather needs a feel for how the machine is supposed to be running and what programs are legitimate. Many break-ins have been contained by attentive Sys Admins who have noticed something “different” about their machines or who have noticed a user logged on at a time atypical fo

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123