Describe host-based intrusion detection.
What will be an ideal response?
In host-based intrusion detection, every computer (host) on the network is responsible for examining its network traffic and recognizing the signatures of different types of intrusions. These may be denial of service attacks, buffer overflow attacks, and malicious code such as worms and scripts. These problems may be discovered and prevented through the use of a software firewall and an anti-virus application. It may, however, be necessary to verify the integrity of a system, as firewalls and anti-virus programs are not perfect. Sometimes the malicious code gets through because it is new and the signatures for its detection are not yet distributed. One way to help detect that a system is not compromised is to examine critical system files for changes. This may be done by creating a secure hash of a set of files and periodically rehashing the files to look for any changes.
Host-based intrusion detection may be expensive to implement due to having to purchase firewall, anti-virus, or other protective software for every system on the network. It is also a decentralized approach, since the intrusion detection is being performed on individual systems. This may require a significant amount of time for IT personnel to maintain the systems and respond to individual problems.
You might also like to view...
MC A binary operator is overloaded as a method with two arguments—references to self and______ .
a) the calling object. b) another object. c) an operator. d) None of the above.
The _________, embedded instructions, for a router impact its performance and capabilities. A. firmware B. control layout C. database D. firewall
Fill in the blank(s) with the appropriate word(s).
When an embedded chart is selected, the original worksheet tabs appear and a new tab named ________ is added to the left
A) DataChart B) NewChart C) ChartTab D) Chart1
You can change the theme colors of a presentation from the ________ tab
A) Slide Show B) Design C) View D) Home