What is Host-based intrusion detection system (HIDS)? HIDS looks for potential risks by monitoring & analyzing a computing system & network. These are softwares. Typical configurations allow several HIDS scattered around the network and send their results to a centralized server that scanned for risks and alerts. First type of intrusion detection software that was designed, with the original objective on Mainframe computers. An Intrusion Detection System is a program of detection of unauthorized access to a computer or a network. The IDS usually has virtual sensors (for example, a sniffer network) with the core of the IDS can get external data (usually on network traffic). The IDS detects the anomalies that may indicate the presence of attacks.
There are two types of intrusion detection systems:
- HIDS (HostIDS): the principle of operation of a HIDS, depends on the success of the intruders, who generally leave traces of activities on the target machine when they try to take possession of it, for the purpose of carrying out other activities. HIDS tries to detect such changes on the affected computer, and make a report of its findings.
- NIDS (NetworkIDS): A network-based IDS, detecting attacks the entire network segment. Its interface should work in promiscuous mode thus capturing all the network traffic.
We are talking about Host-based intrusion detection system (HIDS).
What is Host-based intrusion detection system (HIDS)?
Host-based intrusion detection system (HIDS) usually do their best to prevent the database objects, checksum and reports any form of manipulation. After all, if the intruders able to modify any of the objects that the HIDS monitor, nothing could stop the intruders such modification from the part of HIDS – unless security administrators to take appropriate precautions. Many worms and viruses try to disable anti-virus tools, for example.
Apart from the crypto-techniques, HIDS could allow administrators to store the database on an optical disk or other devices which uses a read only memory or store them in a memory outside the system. Similarly a HIDS frequently send their records (logs) outside the system immediately – usually using VPN channels to a central management system.
Trusted Platform Module is often mistakenly described as a type of HIDS. Trusted Platform Module differs in many respects with HIDS, which essentially provides a means to identify if something/someone. Architecturally this provides maximum (at least so far) host-based detection of intrusion, as it depends on an external hardware to the CPU itself, thus making it much harder for an intruder to corrupt the database and checksums.