IDS


1. Define IDS:
The process of monitoring and identifying computer and network events in order to determine whether any abnormal incident has occurred; such an unusual event is considered to be an intrusion.


2. Is a firewall enough as a security control in any network? Explain why.
NOT enough. IDSs must be at the first line of defense and work along with firewalls. Unlike firewalls, they are automated because they don't depend on a human's decision.

3. Do you recommend using both HIDS and NIDS in your network? Explain why.
Yes, we recommend it, because NIDSs have the following advantages: in contrast to HIDSs, deploying a new host in the network does not need extra effort to monitor that new host's network activity, and it is generally easier to update one NIDS component than the many HIDS components installed on hosts.
HIDSs have the following advantages:
  1. Verifies the success or failure of an attack, i.e. whether it actually occurred or not.
  2. Monitors system activities.
  3. Detects attacks that a network-based IDS fails to detect (host-based sensors see what network-based sensors miss).
  4. Near real-time detection and response.
  5. Lower entry cost.

4. Discuss the main challenges facing IDS.
  • The first challenge is the high speed of network traffic, which means that NIDSs receive a large amount of data.
  • The second challenge is the growth and fast emergence of new attacks/viruses/worms on the Internet.

5. Why does an anomaly IDS produce many false alarms?
- Changes in the network topology (e.g. routing changes or newly connected hosts)
- Changes in network usage (e.g. changed customer behavior, new applications)
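The two causes above can be seen in a few lines of code. The following is an added example (not part of the original notes) of a toy anomaly IDS: it learns a profile of normal (host, port) pairs from a quiet baseline period, then alarms on anything outside that profile. A newly connected host and a known host starting a new application both trigger alarms even though neither is an intrusion, which is exactly why the baseline has to be re-learned after legitimate changes. All traffic records are constructed for the example; the function names are my own.

```python
# Added example: baseline-profile anomaly detector and its false alarms.

# Constructed flows seen during the baseline (training) period: (source host, destination port)
BASELINE_FLOWS = [
    ("10.0.0.5", 443), ("10.0.0.5", 443), ("10.0.0.6", 443),
    ("10.0.0.6", 53), ("10.0.0.7", 22), ("10.0.0.5", 53),
]

# Constructed flows from a later window: one known flow, one brand-new host,
# and one known host using a port it never used before.
LIVE_FLOWS = [("10.0.0.5", 443), ("10.0.0.9", 443), ("10.0.0.5", 8443)]


def learn_baseline(flows):
    """Profile of 'normal': the set of (host, port) pairs observed while training."""
    return set(flows)


def detect(baseline, flows):
    """Return one alert per flow that is outside the profile, tagged with the likely cause.

    A host never seen in the baseline points at a topology change (new host);
    a known host on an unseen port points at a usage change (new application).
    Neither is evidence of an intrusion, so these alerts are the false alarms
    the question asks about.
    """
    known_hosts = {host for host, _ in baseline}
    alerts = []
    for src, port in flows:
        if (src, port) in baseline:
            continue  # matches the learned profile: no alarm
        if src in known_hosts:
            reason = "new application/port on known host (usage change)"
        else:
            reason = "new host (topology change)"
        alerts.append((src, port, reason))
    return alerts


def update_baseline(baseline, flows):
    """Re-learn after an operator confirms the new flows are legitimate."""
    return baseline | set(flows)


if __name__ == "__main__":
    profile = learn_baseline(BASELINE_FLOWS)
    for alert in detect(profile, LIVE_FLOWS):
        print("ALERT", alert)
    profile = update_baseline(profile, LIVE_FLOWS)
    print("after re-baselining:", detect(profile, LIVE_FLOWS))
```

Running it prints two alerts for the live window (the new host 10.0.0.9 and the new port 8443 on 10.0.0.5) and an empty list once the baseline has been updated; a real anomaly IDS uses statistical profiles rather than an exact set, but the failure mode is the same.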



There are two types of IDS based on the data source: packet IDS and flow IDS. A packet IDS analyses the whole packet payload, while a flow IDS does not inspect the payload; it inspects only a summary of the headers.

6. How does a flow-based IDS work?
It works on network flows (data flows) rather than on individual packets, and what it cares about is summary information about the network. Because a flow does not carry any packet payload, the flow-based approach cannot inspect packet contents the way the packet-based approach does; instead it relies on flow information and network statistics. Flow-based NIDSs are also called Network Behavior Analysis (NBA).
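To make the difference between the two data sources concrete, here is an added example (my own code, not from the original notes) that runs a packet-based check and a flow-based check over the same constructed traffic. The packet IDS matches a content signature against payloads; the flow builder aggregates packets into 5-tuple records that keep only counts and sizes, and the flow IDS reasons on those statistics (here: one host touching many distinct destination ports). The packet list, the signature and the threshold are all constructed for the example.

```python
# Added example: packet-based inspection versus flow-based inspection.
from collections import defaultdict

# Constructed packets: (src, dst, sport, dport, proto, payload)
PACKETS = [
    ("10.0.0.6", "10.0.0.80", 50001, 443, "tcp", b"\x16\x03\x01\x00\xa5"),   # TLS handshake
    ("10.0.0.6", "10.0.0.80", 50001, 443, "tcp", b"\x17\x03\x03\x00\x40"),   # TLS data
    ("10.0.0.5", "10.0.0.80", 50002, 80, "tcp", b"GET /item?id=1' OR 1=1 HTTP/1.1\r\n"),
] + [
    # one empty packet from 10.0.0.9 to each of six different ports
    ("10.0.0.9", "10.0.0.80", 40000 + p, p, "tcp", b"") for p in (21, 22, 23, 25, 80, 110)
]

# Constructed content signature, as a packet (signature-based) IDS would carry
SIGNATURES = {"sqli-tautology": b"' OR 1=1"}


def packet_ids(packets, signatures=SIGNATURES):
    """Packet-based: look inside every payload for known byte patterns."""
    alerts = []
    for src, dst, sport, dport, proto, payload in packets:
        for name, pattern in signatures.items():
            if pattern in payload:
                alerts.append((name, src, dst, dport))
    return alerts


def build_flows(packets, header_len=40):
    """Aggregate packets into flow records keyed by the 5-tuple.

    Only header-derived summary data survives (packet and byte counts);
    the payload is deliberately not stored, just as in a flow export.
    header_len is an assumed fixed IP+TCP header size for the byte count.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, dst, sport, dport, proto, payload in packets:
        rec = flows[(src, dst, sport, dport, proto)]
        rec["packets"] += 1
        rec["bytes"] += header_len + len(payload)
    return dict(flows)


def flow_ids(flows, port_threshold=5):
    """Flow-based: alarm on a source that reaches many distinct (dst, port) pairs.

    This is network behaviour analysis: no payload is available, so the
    decision rests purely on flow statistics.
    """
    targets = defaultdict(set)
    for src, dst, sport, dport, proto in flows:
        targets[src].add((dst, dport))
    return [("many-distinct-ports", src, len(t))
            for src, t in targets.items() if len(t) >= port_threshold]


if __name__ == "__main__":
    print("packet IDS:", packet_ids(PACKETS))
    flows = build_flows(PACKETS)
    print("flow records:", len(flows))
    print("flow IDS:", flow_ids(flows))
```

The packet IDS catches the signature in the HTTP request but says nothing about the host probing six ports, while the flow IDS flags the probing host but can never match the signature, because the flow records carry no payload. That is why signature-based detection sits naturally on packet data and behaviour-based detection on flow data.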

 

Choose the best answer:
1. Another name of anomaly IDS is: 1) misuse IDS   2) behaviour IDS
2. Signature-based IDS mostly use: 1) packet-based   2) flow-based
3. Anomaly-based IDS mostly use: 1) packet-based   2) flow-based
