Comparison of Intrusion Detection System
Comparison of Intrusion Detection System
| Type | Advantages | Disadvantages |
| Application intrusion detection | Provides a high level of granularity | Too many applications to support |
| Covers only one component | ||
| Host intrusion detection | Verifies success or failure of an attack | Network activity is not visible to host-based sensors |
| Monitors specific system activities | Running audit mechanisms can use additional resources | |
| Detects attacks that network-based systems miss | When audit trails are used as data sources, they can take up significant storage | |
| Well suited for encrypted and switched environments | Host-based sensors must be platform-specific | |
| Requires no additional hardware | Management and deployment | |
| Lower cost of entry | ||
| Network intrusion detection | Lowers cost of ownership | Unable to determine outcome |
| Detects attacks that host-based systems miss | Unable to read encrypted traffic | |
| More difficult for an attacker to remove evidence | Unable to save all packets on a switched network | |
| Fast detection and response | Unable to handle high-speed networks | |
| Detects unsuccessful attacks and malicious intent | ||
| Operating system independence | ||
| Integrated intrusion detection | Trend analysis | Interoperability issues |
| Stability | Feeling too secure | |
| Cost savings |
Bookmark/Search this post with:
| Attachment | Size |
|---|---|
| comparison-of-intrusion-detection-systems.jpg | 18.58 KB |
| comparison-of-intrusion-detection-systems.xls | 15.5 KB |
| comparison-of-intrusion-detection-systems.pdf | 9.42 KB |
- 591 reads