What are the different types of Intrusion Detection Systems?

1. Network-based Intrusion Detection System (NIDS)

A NIDS operates at the network level and monitors traffic going in and out of the network from all devices. It analyses the traffic for patterns and abnormal behaviour, and sends a warning when it finds them. For example, if a port scan is performed on a network secured by an IDS, it is flagged and then investigated further by cyber security experts. A warning is also raised should the NIDS detect a change in, for example, the standard packet size or traffic load. Some advantages of NIDS include:

  • NIDS is easily introduced into an existing network with minimal disruptions.
  • It may be undetectable by attackers and is mostly immune to direct attacks.

However, some disadvantages are that a NIDS (at times) cannot handle large traffic volumes, and that it cannot analyse encrypted data or fragmented packets.

2. Host-based Intrusion Detection System (HIDS)

Unlike a NIDS, which monitors the entire network, a HIDS monitors system data and looks for malicious activity on an individual host. A HIDS takes snapshots of the system, and if a later snapshot shows a malicious change, an alert is raised. It analyses changes to operating system files, logs, software and more.

A couple of advantages of a host-based IDS include:

  • HIDS can access encrypted data packets and can detect attacks with elusive capabilities.
  • Information in audit logs is used to monitor changes in systems and application programs.

Some drawbacks are:

  • A direct attack against the host’s operating system makes the HIDS vulnerable too.
  • It can also use large amounts of disk space.

Intrusion Detection Systems from m3 Networks

If you want to protect your business network with an Intrusion Detection System, call us today on 01738 237001