
Host-based IDS

Jun 26,2010 by alperen



Host-based intrusion detection systems specifically look for vulnerable
systems. They use a host-based agent that runs on each server to monitor
both the system logs and the audit trails for any activity that might
indicate a hacker trying to breach your security.

Hacker behavior

An intrusion detection system looks for specific behavior indicative of
a hacker trying to breach your network.

This type of activity will more than likely include:

 Modifying file permissions
 Multiple failed login attempts
 Excessive “after-hours” activity
 Failed access attempts on multiple accounts
 Spikes in activity (indicative of a program trying multiple login/password combinations)

A good host agent can analyze an attack in progress, determine from the
log that a malicious event is happening, and immediately alert the network
administrator that an attack is under way. The only useful way to protect
your systems is to know of an attack as soon as it occurs (preferably
before), since information is the best weapon of defense.
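
The log analysis described above, sketched as an added example that is not part of the original article or any particular HIDS product. The sshd-style log lines with ISO timestamps are constructed, and the rule names, the analyze function, the 60-second window, the threshold of 3 and the business hours are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log (sshd-style messages, ISO timestamps assumed).
SAMPLE_LOG = """\
2010-06-26T02:14:01 sshd[811]: Failed password for root from 203.0.113.7 port 4001 ssh2
2010-06-26T02:14:03 sshd[811]: Failed password for root from 203.0.113.7 port 4002 ssh2
2010-06-26T02:14:05 sshd[811]: Failed password for root from 203.0.113.7 port 4003 ssh2
2010-06-26T09:30:00 sshd[902]: Failed password for invalid user admin from 198.51.100.9 port 5001 ssh2
2010-06-26T09:30:10 sshd[902]: Failed password for invalid user oracle from 198.51.100.9 port 5002 ssh2
2010-06-26T09:30:20 sshd[902]: Failed password for alice from 198.51.100.9 port 5003 ssh2
2010-06-26T10:05:00 sshd[950]: Failed password for bob from 192.0.2.20 port 6001 ssh2
2010-06-26T10:06:30 sshd[951]: Accepted password for bob from 192.0.2.20 port 6002 ssh2
2010-06-26T23:47:12 sshd[990]: Accepted password for carol from 192.0.2.30 port 7001 ssh2
"""
LINE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+)")
WINDOW = timedelta(seconds=60)   # assumed correlation window
THRESHOLD = 3                    # assumed alert threshold
WORK_HOURS = range(7, 19)        # assumed business hours, 07:00-18:59

def analyze(log_text):
    """Return {(rule, source): [accounts]} for the behaviours listed above."""
    alerts = defaultdict(set)
    failures = defaultdict(list)  # source -> [(time, user)] still inside WINDOW
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an authentication event
        ts, outcome, user, src = m.groups()
        when = datetime.fromisoformat(ts)
        if outcome == "Accepted":
            if when.hour not in WORK_HOURS:
                alerts[("AFTER_HOURS_LOGIN", src)].add(user)
            continue
        # Slide the window: drop failures older than WINDOW, add this one.
        recent = [(t, u) for t, u in failures[src] if when - t <= WINDOW]
        recent.append((when, user))
        failures[src] = recent
        if sum(u == user for _, u in recent) >= THRESHOLD:
            alerts[("REPEATED_FAILURES", src)].add(user)
        targets = {u for _, u in recent}
        if len(targets) >= THRESHOLD:  # one source trying many accounts
            alerts[("MULTI_ACCOUNT_FAILURES", src)].update(targets)
    return {key: sorted(users) for key, users in alerts.items()}

if __name__ == "__main__":
    for (rule, src), users in analyze(SAMPLE_LOG).items():
        print(f"ALERT {rule} source={src} accounts={','.join(users)}")
```

A single mistyped password followed by a daytime login (bob in the sample) raises nothing, which is the point of thresholds and windows: the agent alerts on patterns, not on individual failures.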


