Uploaded byagasyabutolia
PPTX, PDF53 views

UNIT-4 network information security ID system

The document outlines network and information security, focusing on firewalls and intrusion detection systems (IDS). It explains types of firewalls, such as packet-filtering and proxy firewalls, and their configurations to provide security against cyber threats. Additionally, it describes the role of IDS in monitoring network activity and differentiates between host-based and network-based systems, highlighting the importance of both for effective cybersecurity management.

Embed presentation

Download to read offline
Presentation on Network And Information Security (22620) By Ms.Pritee H. Raut (Assistant Professor) COMPUTER ENGINEERING DEPARTMENT G. H. RAISONI POLYTECHNIC,NAGPUR
UNIT-4 Firewall & Intrusion Detection System (MARKS-18)
Firewall  A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.  A firewall can be hardware, software, or both.  Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
Need of firewall  Firewalls represent a first line of defense in home network security. Your home network is only as secure as its least protected device. That’s where a network security system comes in.  An effective, managed firewall will significantly reduce risk to your business. Without a firewall, your business could easily get into a cyber-attack, causing you to lose all of your important data. This would not only disrupt business processes, it would also reduce productivity and likely damage your reputation and brand.
Types of Firewalls  Packet-filtering firewalls  Circuit-level gateways  Application-level gateways (a.k.a. proxy firewalls)
Packet Filtering Firewall  A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules.  These firewalls are designed to block network traffic IP protocols, an IP address, and a port number if a data packet does not match the established rule-set.  While packet-filtering firewalls can be considered a fast solution without many resource requirements, they also have some limitations. Because these types of firewalls do not prevent web-based attacks, they are not the safest.  For example, a rule could specify to block all incoming traffic from a certain IP address or disallow all traffic that uses UDP protocol. If there is no match with any predefined rules, it will take default action. The default action can be to ‘discard all packets’ or to ‘accept all packets’.
Application Gateways (Proxy firewall)  Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two end systems (e.g., network and traffic systems). That is why these firewalls are called 'Application-level Gateways'.  Unlike basic firewalls, these firewalls transfer requests from clients pretending to be original clients on the web-server. This protects the client's identity and other suspicious information, keeping the network safe from potential attacks.  Once the connection is established, the proxy firewall inspects data packets coming from the source. If the contents of the incoming data packet are protected, the proxy firewall transfers it to the client. This approach creates an additional layer of security between the client and many different sources on the network.
Circuit-level Gateways  These types of firewalls typically operate at the session-level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are designed to ensure that the established sessions are protected or safe .  Typically, circuit-level firewalls are implemented as security software or pre-existing firewalls. Like packet-filtering firewalls, these firewalls do not check for actual data, although they inspect information about transactions. Therefore, if a data contains malware, but follows the correct TCP connection, it will pass through the gateway. That is why circuit-level gateways are not considered safe enough to protect our systems.
Firewall Limitations  Firewalls cannot stop internal users from accessing websites with malicious code, making user education critical.  Firewalls cannot protect you from poor decisions.  Firewalls cannot protect you when your security policy is too weak.  It cannot stop attacks if the traffic does not pass through them  They are only as effective as the rules they are configured to enforce.  Firewalls cannot protect against what has been authorized
Policies of firewall  All traffic from inside to outside and vice versa must pass through the firewall.  To achieve this all access to local network must first be physically blocked and access only via the firewall should be permitted.  As per local security policy traffic should be permitted.
Firewall configuration Different firewall configuration:  ScreenHost firewall/Single home bastion  ScreenHost firewall dual home bastion  Screened Subnet firewall
Screen Host firewall: single-homed bastion •In this configuration, there are two firewalls; Application gateway & packet filter which are between the internal network •Each & every host of the internal network is connected to application gateway & packet filter firewall. •The packet filter performs filtering on each & every packet performs the proxy functions. •The main disadvantage of this approach is if the attacker somehow attacks the packet filter firewall then he can access the internal system.
Screened Host Firewall Dual Home Bastion:- • In this configuration there is no end to end connection between the internal host and the packet filter firewall. • It is used to address the drawback of previous approach. • The internal host is connected to the application gateway, the application gateway is further connected to packet filter and the packet filter is connected to internet. • In this schema if the attacker tries to break the packet filter firewall then he/she has still to break the application gateway to enter into the internal network. It will provide the security to internal hosts.
Screened Subnet firewall: • This is the most secure firewall configuration in which there are three firewalls between the internal and the internet • If the attacker wants to enter into the private network then he has to break into all the three firewalls.
DMZ (demilitarized zone)  In networking, a DMZ refers to a subnet that is physically or logically separated from the internal network.  A DMZ or demilitarized zone is a perimeter network that protects and adds an extra layer of security to an organization’s internal local-area network from untrusted traffic.  It Avoids Outside Users From Getting Direct Access To A Company's Data Server.  This subnet is used to separate untrusted devices from trusted devices.  Traditionally, in a DMZ you would put all the devices that are required to be Internet-accessible. These can include your web servers, an FTP server, email exchange servers, etc. Then, access from the DMZ to the internal network is further controlled and closely monitored, usually through a firewall.  For example, a business may have an intranet comprised of employee workstations. The company's public servers, such as the web server and mail server could be placed in a DMZ so they are separate from the workstations. If the servers were compromised by an external attack, the internal systems would be unaffected.
What is one advantage of setting up a DMZ with two firewalls? (sample paper)  You can do load balancing Explanation: In a topology with a single firewall serving both internal and external users (LAN and WAN), it acts as a shared resource for these two zones
Intrusion Detection System (IDS)  An intrusion detection system (IDS) is a tool or software that works with your network to keep it secure and flag when somebody is trying to break into your system.  As mentioned, an IDS is somewhat like a alarm. It watches the activity going on around it and tries to identify undesirable activity.  IDSs are typically divided into two main categories, depending on how they monitor activity:  Host-based IDS Examines activity on an individual system, such as a mail server, web server, or individual PC. It is concerned only with an individual system and usually has no visibility into the activity on the network or systems around it.  Network-based IDS Examines activity on the network itself. It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems.
Whether or not it is network- or host-based, an IDS will typically consist of several specialized components working together, as illustrated in Figure
Traffic collector (or sensor): This component collects activity/events for the IDS to examine. On host-based IDS, this could be log files, audit logs, or traffic coming to or leaving a specific system. On a network-based IDS, this is typically a mechanism for copying traffic off the network link-basically functioning as a sniffer. This component is often referred to as a sensor. Analysis engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brain" of the IDS. Signature database: The signature database is a collection of patterns and definitions of known suspicious or malicious activity. User interface and reporting: This component interfaces with the human element, providing alerts whenever required. Because of this user can interact with and operate the IDS.
Categories HIDS NIDS 1. Definition Host Intrusion Detection System Network Intrusion Detection System 2. Type It doesn’t work in real-time Operates in real-time 3. Concern HIDS is related to just a single system, as the name suggests it is only concerned with the threats related to the Host system/computer, NIDS is concerned with the entire network system, NIDS examines the activities and traffic of all the systems in the network. 4. Installation Point HIDS can be installed on each and every computer or server i.e., anything that can serve as a host. NIDS being concerned with the network is installed at places like routers or servers as these are the main intersection points in the network system 5. Execution Process HIDS operates by taking the snapshot of the current status of the system and comparing it against some already stored malicious tagged snapshots stored in the database, this clearly shows that there is a delay in its operation and activities NIDS works in real-time by closely examining the data flow and immediately reporting anything unusual. 6. Information about attack HIDS are more informed about the attacks as they are associated with system files and processes. As the network is very large making it hard to keep track of the integrating functionalities, they are less informed of the attacks 7. Ease of Installation As it needs to be installed on every host, the installation process can be tiresome. Few installation points make it easier to install NIDS 8. Response Time Response time is slow Fast response time
Honeypot  Honeypot is a network-attached system used as a trap to lure cyber-attackers to detect and study the tricks and types of attacks used by hackers. An intentionally compromised computer system allows attackers to exploit vulnerabilities so you can study them to improve your security policies.  Honeypots are mostly used by large companies and organizations involved in cybersecurity. It helps cybersecurity researchers to learn about the different type of attacks used by attackers.
Firewall IDS  A firewall is a hardware and/or software which functions in a networked environment to block unauthorized access while permitting authorized communications.  An Intrusion Detection System (IDS) is a software or hardware device installed on the network (NIDS) or host (HIDS) to detect and report intrusion attempts to the network.  A firewall can block an unauthorized access to network (E.g. A watchman standing at gate can block a thief)  An IDS can only report an intrusion; it cannot block it (E.g. A CCTV camera which can alert about a thief but cannot stop it)  A firewall cannot detect security breaches for traffic that does not pass through it (E.g. a gateman can watch only at front gate. He is not aware of wall-jumpers)  IDS is fully capable of internal security by collecting information from a variety of system and network resources and analyzing the symptoms of security problems  Firewall doesn’t inspect content of permitted traffic. (A gateman will never suspect an employee of the company )  IDS keeps a check of overall network  No man-power is required to manage a firewall.  An administrator (man-power) is required to respond to threats issued by IDS  Firewalls are most visible part of a network to an outsider. Hence, more vulnerable to be attacked first. (A gateman will be the first person attacked by a thief!!)  IDS are very difficult to be spotted in a network (especially stealth mode of IDS).

More Related Content

PPTX
firrewall and intrusion prevention system.pptx
byfatimagull32
 
PPTX
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
bySakshiSolapure1
 
PPT
Firewall protection
byVC Infotech
 
PPT
Firewall
bylmbriscoe
 
PDF
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
byFahmiOlayah
 
PPTX
Firewall
bytrilokchandra prakash
 
PPT
Firewall
byAmuthavalli Nachiyar
 
PPT
Day4
byJai4uk
 
firrewall and intrusion prevention system.pptx
byfatimagull32
 
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
bySakshiSolapure1
 
Firewall protection
byVC Infotech
 
Firewall
bylmbriscoe
 
Firewalls.pdfdifferencesCalculate the number of moles of Mg(NO3)2 in 44.4 g o...
byFahmiOlayah
 
Firewall
bytrilokchandra prakash
 
Firewall
byAmuthavalli Nachiyar
 
Day4
byJai4uk
 

Similar to UNIT-4 network information security ID system

PPTX
Network defenses
byPrachi Gulihar
 
PPTX
Firewall & DMZ.pptx
bykarthikvcyber
 
PPT
Firewalls
byUniversity of Central Punjab
 
PPT
Class 10 Cyber Security for engineering students
byDrVikasMahor
 
PPTX
firewall firewall firewall firewall firewall firewall firewall firewall
byNagaraja465570
 
PPT
Firewall in tell communication_Basics.ppt
byMohammedAli580048
 
PPTX
Lecture-13-Firewall_information_Security.pptx
byhomecooking511
 
PPT
firewall.ppt
byssuser530a07
 
PPT
Firewall
byApo
 
PPTX
Firewall ( Cyber Security)
byJainam Shah
 
PPTX
Firewall ppt
byLakshmiSamivel
 
PDF
what is firewall in information security?
byhaq107457
 
PPT
Presentation, Firewalls
bykkkseld
 
PDF
what is firewall in information security?
byezoicxcom
 
PPT
Presentation, Firewalls
bykkkseld
 
PPTX
Firewall and Types of firewall
byCoder Tech
 
PPTX
Firewall
byIdris Shah
 
PPT
Network security
byVikas Jagtap
 
PDF
Introduction to Cyber security module - III
byTAMBEMAHENDRA1
 
PPTX
Section c group2_firewall_ final
bypg13tarun_g
 
Network defenses
byPrachi Gulihar
 
Firewall & DMZ.pptx
bykarthikvcyber
 
Firewalls
byUniversity of Central Punjab
 
Class 10 Cyber Security for engineering students
byDrVikasMahor
 
firewall firewall firewall firewall firewall firewall firewall firewall
byNagaraja465570
 
Firewall in tell communication_Basics.ppt
byMohammedAli580048
 
Lecture-13-Firewall_information_Security.pptx
byhomecooking511
 
firewall.ppt
byssuser530a07
 
Firewall
byApo
 
Firewall ( Cyber Security)
byJainam Shah
 
Firewall ppt
byLakshmiSamivel
 
what is firewall in information security?
byhaq107457
 
Presentation, Firewalls
bykkkseld
 
what is firewall in information security?
byezoicxcom
 
Presentation, Firewalls
bykkkseld
 
Firewall and Types of firewall
byCoder Tech
 
Firewall
byIdris Shah
 
Network security
byVikas Jagtap
 
Introduction to Cyber security module - III
byTAMBEMAHENDRA1
 
Section c group2_firewall_ final
bypg13tarun_g
 

Recently uploaded

PDF
Introduction to Cloud Computing-Cloud Security by Dr. K. Adisesha
byAdiseshaK
 
PDF
Introduction Cloud Computing-Cloud Solutions ppt by Dr. K. Adisesha
byAdiseshaK
 
PPTX
Beyond SAP: Domain-Specific SaaS for Maintenance 4.0 | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PPTX
Importance of Management of Change | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
PPTX
EcoSath Hackathon Final Presentation Based on ESG Data
byshashirwr2016
 
PDF
Operating System Concepts-Memory Management by Dr. K. Adisesha
byAdiseshaK
 
PDF
Operating System Concepts-Linux and Shell Programming by K. Adi
byAdiseshaK
 
PPTX
Green-ICT-and-Sustainable-Technology-Powering-a-Greener-Digital-Future.pptx
byRAJVEEPATEL13
 
PDF
Synopsys ICC2_ Essential Commands for Physical Design.pdf
byMIK72
 
PDF
2025 MediaEval Medico Organizer Presentation
bySushant Gautam
 
PPTX
19ECX25-CAD for VLSI Circuits Unit-1.pptx
bytamil arasan
 
PPTX
chapter 2 EMI Mitigation techniques.pptx
bybewnet
 
PDF
DevSecOps - November + MCP Workshop @ Google
byLuiz Carneiro
 
PPTX
METAFABRIC – Cooling Textiles with Radiative Properties
bytamilarasi192002
 
PPTX
Rahul Sharma.pptx for summer internshipp
byirfan7231089794
 
PPTX
Motor control in Electric Vehicles .pptx
bySahasranshuSA
 
PPTX
Pavement Quality Concrete Design Lecture.pptx
byAditya Rajan Patra
 
PDF
A Guide to Boiler Operation and Maintenance
byMahmoud Moghtaderi
 
PDF
Impact of Different Curing Techniques in Evaluating the Strength of the Rolle...
byAbdullah Al-Ani
 
PDF
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 
Introduction to Cloud Computing-Cloud Security by Dr. K. Adisesha
byAdiseshaK
 
Introduction Cloud Computing-Cloud Solutions ppt by Dr. K. Adisesha
byAdiseshaK
 
Beyond SAP: Domain-Specific SaaS for Maintenance 4.0 | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
Importance of Management of Change | MaintWiz CMMS
byMaintWiz Technologies Private Limited
 
EcoSath Hackathon Final Presentation Based on ESG Data
byshashirwr2016
 
Operating System Concepts-Memory Management by Dr. K. Adisesha
byAdiseshaK
 
Operating System Concepts-Linux and Shell Programming by K. Adi
byAdiseshaK
 
Green-ICT-and-Sustainable-Technology-Powering-a-Greener-Digital-Future.pptx
byRAJVEEPATEL13
 
Synopsys ICC2_ Essential Commands for Physical Design.pdf
byMIK72
 
2025 MediaEval Medico Organizer Presentation
bySushant Gautam
 
19ECX25-CAD for VLSI Circuits Unit-1.pptx
bytamil arasan
 
chapter 2 EMI Mitigation techniques.pptx
bybewnet
 
DevSecOps - November + MCP Workshop @ Google
byLuiz Carneiro
 
METAFABRIC – Cooling Textiles with Radiative Properties
bytamilarasi192002
 
Rahul Sharma.pptx for summer internshipp
byirfan7231089794
 
Motor control in Electric Vehicles .pptx
bySahasranshuSA
 
Pavement Quality Concrete Design Lecture.pptx
byAditya Rajan Patra
 
A Guide to Boiler Operation and Maintenance
byMahmoud Moghtaderi
 
Impact of Different Curing Techniques in Evaluating the Strength of the Rolle...
byAbdullah Al-Ani
 
Resonating 25 years of service- 1988 exam batch.pdf
byRajesh Prasad
 

UNIT-4 network information security ID system

  • 1.
    Presentation on Network And InformationSecurity (22620) By Ms.Pritee H. Raut (Assistant Professor) COMPUTER ENGINEERING DEPARTMENT G. H. RAISONI POLYTECHNIC,NAGPUR
  • 2.
    UNIT-4 Firewall & IntrusionDetection System (MARKS-18)
  • 3.
    Firewall  A firewallis a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.  A firewall can be hardware, software, or both.  Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
  • 4.
    Need of firewall Firewalls represent a first line of defense in home network security. Your home network is only as secure as its least protected device. That’s where a network security system comes in.  An effective, managed firewall will significantly reduce risk to your business. Without a firewall, your business could easily get into a cyber-attack, causing you to lose all of your important data. This would not only disrupt business processes, it would also reduce productivity and likely damage your reputation and brand.
  • 5.
    Types of Firewalls Packet-filtering firewalls  Circuit-level gateways  Application-level gateways (a.k.a. proxy firewalls)
  • 6.
    Packet Filtering Firewall A packet filtering firewall is the most basic type of firewall. It acts like a management program that monitors network traffic and filters incoming packets based on configured security rules.  These firewalls are designed to block network traffic IP protocols, an IP address, and a port number if a data packet does not match the established rule-set.  While packet-filtering firewalls can be considered a fast solution without many resource requirements, they also have some limitations. Because these types of firewalls do not prevent web-based attacks, they are not the safest.  For example, a rule could specify to block all incoming traffic from a certain IP address or disallow all traffic that uses UDP protocol. If there is no match with any predefined rules, it will take default action. The default action can be to ‘discard all packets’ or to ‘accept all packets’.
  • 7.
    Application Gateways (Proxyfirewall)  Proxy firewalls operate at the application layer as an intermediate device to filter incoming traffic between two end systems (e.g., network and traffic systems). That is why these firewalls are called 'Application-level Gateways'.  Unlike basic firewalls, these firewalls transfer requests from clients pretending to be original clients on the web-server. This protects the client's identity and other suspicious information, keeping the network safe from potential attacks.  Once the connection is established, the proxy firewall inspects data packets coming from the source. If the contents of the incoming data packet are protected, the proxy firewall transfers it to the client. This approach creates an additional layer of security between the client and many different sources on the network.
  • 8.
    Circuit-level Gateways  Thesetypes of firewalls typically operate at the session-level of the OSI model by verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level gateways are designed to ensure that the established sessions are protected or safe .  Typically, circuit-level firewalls are implemented as security software or pre-existing firewalls. Like packet-filtering firewalls, these firewalls do not check for actual data, although they inspect information about transactions. Therefore, if a data contains malware, but follows the correct TCP connection, it will pass through the gateway. That is why circuit-level gateways are not considered safe enough to protect our systems.
  • 9.
    Firewall Limitations  Firewallscannot stop internal users from accessing websites with malicious code, making user education critical.  Firewalls cannot protect you from poor decisions.  Firewalls cannot protect you when your security policy is too weak.  It cannot stop attacks if the traffic does not pass through them  They are only as effective as the rules they are configured to enforce.  Firewalls cannot protect against what has been authorized
  • 10.
    Policies of firewall All traffic from inside to outside and vice versa must pass through the firewall.  To achieve this all access to local network must first be physically blocked and access only via the firewall should be permitted.  As per local security policy traffic should be permitted.
  • 11.
    Firewall configuration Different firewallconfiguration:  ScreenHost firewall/Single home bastion  ScreenHost firewall dual home bastion  Screened Subnet firewall
  • 12.
    Screen Host firewall:single-homed bastion •In this configuration, there are two firewalls; Application gateway & packet filter which are between the internal network •Each & every host of the internal network is connected to application gateway & packet filter firewall. •The packet filter performs filtering on each & every packet performs the proxy functions. •The main disadvantage of this approach is if the attacker somehow attacks the packet filter firewall then he can access the internal system.
  • 13.
    Screened Host FirewallDual Home Bastion:- • In this configuration there is no end to end connection between the internal host and the packet filter firewall. • It is used to address the drawback of previous approach. • The internal host is connected to the application gateway, the application gateway is further connected to packet filter and the packet filter is connected to internet. • In this schema if the attacker tries to break the packet filter firewall then he/she has still to break the application gateway to enter into the internal network. It will provide the security to internal hosts.
  • 14.
    Screened Subnet firewall: •This is the most secure firewall configuration in which there are three firewalls between the internal and the internet • If the attacker wants to enter into the private network then he has to break into all the three firewalls.
  • 15.
    DMZ (demilitarized zone) In networking, a DMZ refers to a subnet that is physically or logically separated from the internal network.  A DMZ or demilitarized zone is a perimeter network that protects and adds an extra layer of security to an organization’s internal local-area network from untrusted traffic.  It Avoids Outside Users From Getting Direct Access To A Company's Data Server.  This subnet is used to separate untrusted devices from trusted devices.  Traditionally, in a DMZ you would put all the devices that are required to be Internet-accessible. These can include your web servers, an FTP server, email exchange servers, etc. Then, access from the DMZ to the internal network is further controlled and closely monitored, usually through a firewall.  For example, a business may have an intranet comprised of employee workstations. The company's public servers, such as the web server and mail server could be placed in a DMZ so they are separate from the workstations. If the servers were compromised by an external attack, the internal systems would be unaffected.
  • 16.
    What is oneadvantage of setting up a DMZ with two firewalls? (sample paper)  You can do load balancing Explanation: In a topology with a single firewall serving both internal and external users (LAN and WAN), it acts as a shared resource for these two zones
  • 18.
    Intrusion Detection System(IDS)  An intrusion detection system (IDS) is a tool or software that works with your network to keep it secure and flag when somebody is trying to break into your system.  As mentioned, an IDS is somewhat like a alarm. It watches the activity going on around it and tries to identify undesirable activity.  IDSs are typically divided into two main categories, depending on how they monitor activity:  Host-based IDS Examines activity on an individual system, such as a mail server, web server, or individual PC. It is concerned only with an individual system and usually has no visibility into the activity on the network or systems around it.  Network-based IDS Examines activity on the network itself. It has visibility only into the traffic crossing the network link it is monitoring and typically has no idea of what is happening on individual systems.
  • 19.
    Whether or notit is network- or host-based, an IDS will typically consist of several specialized components working together, as illustrated in Figure
  • 20.
    Traffic collector (orsensor): This component collects activity/events for the IDS to examine. On host-based IDS, this could be log files, audit logs, or traffic coming to or leaving a specific system. On a network-based IDS, this is typically a mechanism for copying traffic off the network link-basically functioning as a sniffer. This component is often referred to as a sensor. Analysis engine: This component examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database. The analysis engine is the "brain" of the IDS. Signature database: The signature database is a collection of patterns and definitions of known suspicious or malicious activity. User interface and reporting: This component interfaces with the human element, providing alerts whenever required. Because of this user can interact with and operate the IDS.
  • 21.
    Categories HIDS NIDS 1.Definition Host Intrusion Detection System Network Intrusion Detection System 2. Type It doesn’t work in real-time Operates in real-time 3. Concern HIDS is related to just a single system, as the name suggests it is only concerned with the threats related to the Host system/computer, NIDS is concerned with the entire network system, NIDS examines the activities and traffic of all the systems in the network. 4. Installation Point HIDS can be installed on each and every computer or server i.e., anything that can serve as a host. NIDS being concerned with the network is installed at places like routers or servers as these are the main intersection points in the network system 5. Execution Process HIDS operates by taking the snapshot of the current status of the system and comparing it against some already stored malicious tagged snapshots stored in the database, this clearly shows that there is a delay in its operation and activities NIDS works in real-time by closely examining the data flow and immediately reporting anything unusual. 6. Information about attack HIDS are more informed about the attacks as they are associated with system files and processes. As the network is very large making it hard to keep track of the integrating functionalities, they are less informed of the attacks 7. Ease of Installation As it needs to be installed on every host, the installation process can be tiresome. Few installation points make it easier to install NIDS 8. Response Time Response time is slow Fast response time
  • 22.
    Honeypot  Honeypot isa network-attached system used as a trap to lure cyber-attackers to detect and study the tricks and types of attacks used by hackers. An intentionally compromised computer system allows attackers to exploit vulnerabilities so you can study them to improve your security policies.  Honeypots are mostly used by large companies and organizations involved in cybersecurity. It helps cybersecurity researchers to learn about the different type of attacks used by attackers.
  • 23.
    Firewall IDS  Afirewall is a hardware and/or software which functions in a networked environment to block unauthorized access while permitting authorized communications.  An Intrusion Detection System (IDS) is a software or hardware device installed on the network (NIDS) or host (HIDS) to detect and report intrusion attempts to the network.  A firewall can block an unauthorized access to network (E.g. A watchman standing at gate can block a thief)  An IDS can only report an intrusion; it cannot block it (E.g. A CCTV camera which can alert about a thief but cannot stop it)  A firewall cannot detect security breaches for traffic that does not pass through it (E.g. a gateman can watch only at front gate. He is not aware of wall-jumpers)  IDS is fully capable of internal security by collecting information from a variety of system and network resources and analyzing the symptoms of security problems  Firewall doesn’t inspect content of permitted traffic. (A gateman will never suspect an employee of the company )  IDS keeps a check of overall network  No man-power is required to manage a firewall.  An administrator (man-power) is required to respond to threats issued by IDS  Firewalls are most visible part of a network to an outsider. Hence, more vulnerable to be attacked first. (A gateman will be the first person attacked by a thief!!)  IDS are very difficult to be spotted in a network (especially stealth mode of IDS).