IDS


We will answer the following questions:


1.     Define IDS
Intrusion detection is the process of monitoring the events occurring in a computer system or network and analysing them for signs of abnormal activity; such an unusual event is treated as a possible intrusion. It can also be defined as "the process of identifying and responding to malicious activity targeted at computing and networking resources". An IDS detects unwanted exploitation of a computer system, whether the attempt originates from the Internet or from the intranet.

2.     What are the differences between IDS and Firewall?

IDS:

• An IDS can read and inspect the data in the packet payload, which a traditional packet-filtering firewall (deciding on addresses, protocol and ports only) never examines.

• An Intrusion Detection System (IDS) cannot block a connection; it alerts the security administrator to any intrusion attempt.

• An Intrusion Detection and Prevention System (IDPS), placed inline, can block a connection if it judges the connection to be an intrusion attempt.

FIREWALL:

• A firewall is a device and/or software that stands between a local network and the Internet and filters traffic that might be harmful.

• A firewall is a system designed to prevent unauthorized access to or from a private network.

• All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

• Firewalls usually lack the capability to search for anomalies or specific content patterns, such as spam and worms.

In short: a firewall can block a connection, while an Intrusion Detection System (IDS) cannot; the IDS alerts the security administrator to intrusion attempts, and only an inline IDPS combines detection with blocking.
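The distinction above, as an added example that is not part of the original post or of the cited paper: a minimal packet-filter firewall and a minimal signature IDS run side by side over three constructed packets, plus an IDPS decision that drops what the IDS flags. The rule set, the two signatures and the sample packets are constructed for illustration and carry no real addresses.

```python
# Added example (not from the original post): a minimal packet-filter firewall
# beside a minimal signature IDS, run over constructed packets. The firewall
# decides on addresses, protocol and ports only; the IDS inspects the payload.
# Rules, signatures and packets below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes = b""


# Firewall policy (constructed): ordered rules, first match wins, default deny.
# A rule that omits a field matches any value of that field.
FIREWALL_RULES = [
    {"action": "allow", "proto": "tcp", "dport": 80},
    {"action": "allow", "proto": "tcp", "dport": 443},
    {"action": "deny"},
]

# IDS content signatures (constructed): pattern -> alert name.
IDS_SIGNATURES = {
    b"union select": "SQL injection attempt in HTTP request",
    b"../../": "directory traversal attempt",
}


def firewall_decision(pkt):
    """Return 'allow' or 'deny' by looking only at the 5-tuple, never the payload."""
    for rule in FIREWALL_RULES:
        if rule.get("proto", pkt.proto) != pkt.proto:
            continue
        if rule.get("dport", pkt.dport) != pkt.dport:
            continue
        return rule["action"]
    return "deny"


def ids_alerts(pkt):
    """Return the names of every signature found in the payload (case-insensitive)."""
    haystack = pkt.payload.lower()
    return [name for pattern, name in IDS_SIGNATURES.items() if pattern in haystack]


def idps_decision(pkt):
    """An IDPS sits inline: a packet that trips a signature is dropped even when
    the firewall policy would allow it; otherwise the firewall decision stands."""
    if ids_alerts(pkt):
        return "drop"
    return firewall_decision(pkt)


# Constructed sample traffic from one external client to a web server.
SAMPLE_PACKETS = [
    # ordinary request: the firewall allows it and the IDS stays silent
    Packet("203.0.113.5", "192.0.2.10", "tcp", 51000, 80,
           b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    # same destination port, but the payload carries an injection attempt:
    # the firewall still allows it, only the IDS can see the problem
    Packet("203.0.113.5", "192.0.2.10", "tcp", 51001, 80,
           b"GET /item?id=1 UNION SELECT user,pass FROM users HTTP/1.1\r\n"
           b"Host: www.example.com\r\n\r\n"),
    # telnet attempt: the firewall denies it by port, no payload inspection needed
    Packet("203.0.113.5", "192.0.2.10", "tcp", 51002, 23, b"admin\r\n"),
]


def inspect_all(packets=SAMPLE_PACKETS):
    """Return (firewall decision, IDS alerts, IDPS decision) for each packet."""
    return [(firewall_decision(p), ids_alerts(p), idps_decision(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (fw, alerts, idps) in zip(SAMPLE_PACKETS, inspect_all()):
        print(f"dport={pkt.dport:<4} firewall={fw:<5} ids={alerts or '-'} idps={idps}")
```

The second packet is the point of the exercise: it is indistinguishable from the first by every field the firewall consults, so a port-based policy passes it, and only the payload inspection in `ids_alerts` notices the injection string. A passive IDS can only report it; the `idps_decision` path is what an inline IDPS adds.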




3.     What are the advantages of using NIDS compared to HIDS?
In contrast to a HIDS, adding a new host to the network requires no extra effort to monitor that host's network activity, because the NIDS already sees the traffic on the segment. It is also generally easier to update one NIDS component than to update HIDS agents on many hosts.






4.     What are the objectives of IDS?
• High accuracy (low false alarms)
• High performance (high speed of auditing)


5.     How Packet-based IDS works?
A packet-based IDS captures the individual packets on the monitored link and inspects both headers and payload. Packet capturing and analysis can take place at different locations, such as routers, switches and dedicated network monitors, from which the resulting measurement data is transported to a remote analysis system.


6.     Which type of IDS has more accuracy: packet-based or flow-based? Explain why?
Packet-based, because it reads the payload of every packet, whereas a flow-based IDS sees only flow records (header-derived summaries such as addresses, ports, packet and byte counts) and so cannot match attack content at all. The price is performance: inspecting every payload is what makes packet-based detection hard to sustain in a high-speed environment, which is why flow-based detection is used there instead.
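Questions 5 and 6 together, as an added example that is not part of the original post or of the cited paper: the same constructed traffic is inspected once packet by packet (every payload matched against a content signature) and once after aggregation into flow records of the kind a NetFlow/IPFIX exporter would produce (no payload, only counts per 5-tuple). The hosts, the traversal signature, the sweep threshold and the traffic itself are constructed for illustration; byte counts here are payload bytes only, whereas a real flow exporter counts headers too.

```python
# Added example (not from the original post): the same constructed traffic
# inspected two ways. The packet-based detector matches a content signature
# against every payload; the flow-based detector never sees payloads, only
# per-flow summaries (5-tuple, packet and byte counts, first/last timestamp)
# in the spirit of a NetFlow/IPFIX export. Hosts, signature and threshold are
# constructed for illustration.
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    payload: bytes = b""


ATTACKER, VICTIM, CLIENT = "203.0.113.5", "192.0.2.10", "198.51.100.7"

# Constructed traffic: a normal keep-alive HTTP session, one exploit attempt
# that in flow terms looks like any other web request, and a sweep of
# payload-less probes to 50 ports that offers nothing for a content signature.
TRAFFIC = [
    Packet(0.00, CLIENT, VICTIM, "tcp", 40000, 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(0.05, VICTIM, CLIENT, "tcp", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n" + b"<html>" * 80),
    Packet(0.30, CLIENT, VICTIM, "tcp", 40000, 80, b"GET /logo.png HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(0.35, VICTIM, CLIENT, "tcp", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n" + b"\x89PNG" * 200),
    Packet(1.00, ATTACKER, VICTIM, "tcp", 50000, 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
] + [
    Packet(2.0 + 0.01 * port, ATTACKER, VICTIM, "tcp", 50001, port, b"")
    for port in range(1, 51)
]

SIGNATURES = {b"../../": "directory traversal attempt"}


def packet_based(packets):
    """Inspect every payload; alert on each packet that contains a signature."""
    alerts = []
    for p in packets:
        for pattern, name in SIGNATURES.items():
            if pattern in p.payload:
                alerts.append((p.ts, name, p.src, p.dst, p.dport))
    return alerts


def to_flows(packets):
    """Aggregate packets into flow records keyed by 5-tuple; payload is discarded.
    Byte counts are payload bytes here (a real exporter also counts headers)."""
    flows = {}
    for p in packets:
        key = (p.src, p.dst, p.proto, p.sport, p.dport)
        f = flows.setdefault(key, {"first": p.ts, "last": p.ts, "packets": 0, "bytes": 0})
        f["last"] = p.ts
        f["packets"] += 1
        f["bytes"] += len(p.payload)
    return flows


def flow_based(flows, scan_threshold=20):
    """Alert on a source that opens single-packet, zero-byte flows to many
    destination ports on one host: a sweep that flow records alone reveal."""
    ports_by_pair = defaultdict(set)
    for (src, dst, _proto, _sport, dport), f in flows.items():
        if f["packets"] == 1 and f["bytes"] == 0:
            ports_by_pair[(src, dst)].add(dport)
    return [("port sweep", src, dst, len(ports))
            for (src, dst), ports in ports_by_pair.items() if len(ports) >= scan_threshold]


def workload(packets):
    """Payload bytes a packet-based engine must scan vs. records a flow-based engine handles."""
    return sum(len(p.payload) for p in packets), len(to_flows(packets))


if __name__ == "__main__":
    print("packet-based:", packet_based(TRAFFIC))
    print("flow-based  :", flow_based(to_flows(TRAFFIC)))
    print("payload bytes scanned vs flow records:", workload(TRAFFIC))
```

Each detector catches what the other cannot: the traversal attempt is found only by `packet_based`, because in a flow record it is one packet of a few dozen bytes to port 80 like any other request, while the sweep is found only by `flow_based`, because its probes carry no payload for a signature to hit. `workload` shows the other half of the trade-off the paper is about: the packet engine has to scan every payload byte, the flow engine only a record per flow, which is why flow-based (and behaviour-based) detection is the one that scales to high-speed links.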

Choose the best answer:
1.     Another name of Anomaly IDS is: 1) misuse IDS   2) behavior IDS


2.     Signature based IDS mostly use: 1) packet-based          2) flow-based

3.     Anomaly based IDS mostly use: 1) packet-based           2) flow-based




Information source: Alaidaros, H., Mahmuddin, M., & Al-Mazari, A. (2011). An Overview of Flow-Based and Packet-Based Intrusion Detection Performance in High Speed Networks.



