
IDS

Group C:

From the given article answer the following questions:


1-  Define IDS?


An IDS is a system that identifies and responds to malicious activity targeted at computing and networking resources.


2-  Is IDS enough as control security in any network? Explain

Not enough, because a firewall is still needed to block attacks. An IDS solution is designed to monitor events in an IT system, thus complementing the first line of defense (it sits behind the firewall) against attacks.

3-   What are the disadvantages of HIDS compared to NIDS?

It is harder to update the hosts/components of a HIDS, whereas in a NIDS the components can be updated easily. A HIDS needs more effort to monitor the activity of each new host. When an OS is brought down by an attack, the HIDS goes down with the system; a HIDS may also be ineffective during a DoS attack.

4-  What are the objectives of IDS?

There are two objectives of IDS:
1. High accuracy (Low false alarms)
2. High performance (High speed of auditing).

5-  Why is a Signature IDS not able to detect zero-day attacks?

A SIDS cannot detect a zero-day attack because signatures for new viruses are not yet in its database, so it will not be able to detect them; the other reason is that the database may be out of date.
There are two types of IDS based on the data source: packet IDS and flow IDS. A packet IDS analyzes the whole packet payload, while a flow IDS does not inspect the payload; it inspects only a summary of the headers.

6-  Is it possible to operate packet-based IDS in high traffic speed? Explain.


It is not possible because it would have to inspect every payload received; this is very time-consuming, and as Internet speeds keep rising it becomes impossible to perform packet-based inspection at high traffic speeds (gigabits per second).
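As an added illustration (not from the article or the original post), the following Python sketch contrasts the two data sources described above: the packet IDS matches a signature against payload bytes, while the flow IDS only aggregates header fields into 5-tuple flow records and can therefore alert only on volume or timing. The hosts, packet lengths and the signature are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    ts: float          # capture time in seconds
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    length: int        # total length as reported by the IP header
    payload: bytes     # only a packet-based IDS ever reads this

@dataclass
class Flow:
    first: float
    last: float
    packets: int = 0
    octets: int = 0

# Constructed sample traffic with hypothetical private addresses (not a real capture).
PACKETS = [
    Packet(0.00, "10.0.0.5", "10.0.0.9", 40001, 80, "tcp", 78, b"GET /index.html HTTP/1.1\r\n"),
    Packet(0.01, "10.0.0.9", "10.0.0.5", 80, 40001, "tcp", 1500, b"HTTP/1.1 200 OK\r\n"),
    Packet(0.50, "10.0.0.7", "10.0.0.9", 40002, 80, "tcp", 92, b"POST /login TEST-SIGNATURE-0001\r\n"),
    Packet(0.52, "10.0.0.9", "10.0.0.7", 80, 40002, "tcp", 70, b"HTTP/1.1 403 Forbidden\r\n"),
]

# Constructed signature; a real SIDS database holds thousands of such patterns.
SIGNATURES = {"test-sig-0001": b"TEST-SIGNATURE-0001"}

def packet_ids(packets, signatures=SIGNATURES):
    """Packet-based IDS: scans every payload byte of every packet against every signature."""
    return [(name, p.src, p.dst)
            for p in packets
            for name, pat in signatures.items() if pat in p.payload]

def build_flows(packets):
    """Flow-based IDS front end: aggregate headers into per-5-tuple records; payload is never touched."""
    flows = {}
    for p in packets:
        key = (p.src, p.dst, p.sport, p.dport, p.proto)
        f = flows.setdefault(key, Flow(first=p.ts, last=p.ts))
        f.last = max(f.last, p.ts)
        f.packets += 1
        f.octets += p.length
    return flows

def flow_ids(packets, octet_threshold=1000):
    """Flow-based detection can only reason about volume/timing, e.g. flag unusually large flows."""
    return [key for key, f in build_flows(packets).items() if f.octets > octet_threshold]
```

Running both over the same sample shows why the article separates them: only `packet_ids` can see the signature in the POST body, while `flow_ids` works from header counts and so scales to much higher rates but cannot match payload content.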

Choose the best answer:
1. Another name for Anomaly IDS is: 1) misuse IDS   2) behavior IDS
2. Signature-based IDS mostly uses: 1) packet-based   2) flow-based
3. Anomaly-based IDS mostly uses: 1) packet-based   2) flow-based


References:

Alaidaros, H., Mahmuddin, M., & Al-Mazari, A. (2011). An Overview of Flow-Based and Packet-Based Intrusion Detection Performance in High Speed Networks.
