1) Can detect attempts to exploit new and unforeseen vulnerabilities
2) Can recognize authorized usage that falls outside the normal pattern
1) Generally slower and more resource-intensive than signature-based IDS
2) Greater complexity, difficult to configure
3) Higher percentages of false alerts
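An added example, not from the original post, that shows both sides of the anomaly-based trade-off above on constructed data: a per-account baseline of hourly login counts is learned, and any hour that deviates by more than a z-score threshold is alerted without any signature. The account names, counts and "authorized" labels are all constructed for the illustration.

```python
"""Toy anomaly-based detector: per-account baseline of hourly login counts."""
import statistics
from typing import Dict, List, Tuple

THRESHOLD = 3.0    # alert when |z| exceeds this; lowering it raises sensitivity and false alerts
SIGMA_FLOOR = 0.5  # keeps a perfectly regular account from making every deviation infinite

# Constructed training data: hourly login counts per account during a normal week.
BASELINE_COUNTS: Dict[str, List[int]] = {
    "alice":      [2, 3, 2, 4, 3, 2, 3, 3, 2, 4],
    "svc_backup": [1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
}

# Constructed observations: (account, logins this hour, was the activity authorized?)
OBSERVATIONS: List[Tuple[str, int, bool]] = [
    ("alice", 3, True),       # ordinary hour, should not alert
    ("alice", 40, False),     # burst matching no known signature: the "unforeseen" case
    ("svc_backup", 6, True),  # admin re-ran backups by hand: authorized but abnormal
    ("svc_backup", 1, True),  # ordinary hour, should not alert
    ("ghost", 1, False),      # account with no baseline at all
]


def build_baseline(counts: Dict[str, List[int]]) -> Dict[str, Tuple[float, float]]:
    """Learn (mean, sigma) per account from the training window."""
    return {u: (statistics.fmean(xs), max(statistics.pstdev(xs), SIGMA_FLOOR))
            for u, xs in counts.items()}


def zscore(baseline: Dict[str, Tuple[float, float]], user: str, count: int) -> float:
    """Deviation of one observation from the account's baseline; no baseline is itself anomalous."""
    if user not in baseline:
        return float("inf")
    mean, sigma = baseline[user]
    return (count - mean) / sigma


def detect(baseline, observations) -> List[Tuple[str, int, float, bool]]:
    """Return (account, count, z, authorized) for every observation past THRESHOLD."""
    return [(u, c, zscore(baseline, u, c), ok)
            for u, c, ok in observations if abs(zscore(baseline, u, c)) > THRESHOLD]


def summarize(alerts) -> Tuple[int, int]:
    """Split alerts into (true alerts, false alerts) using the authorized label."""
    false_alerts = sum(1 for *_, ok in alerts if ok)
    return len(alerts) - false_alerts, false_alerts
```

The authorized backup run is alerted alongside the genuine anomalies, which is the false-alert cost that a signature-based IDS would not have paid.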
1) Easy deployment
2) Unobtrusive
3) Difficult to evade if done at a low level of network operation
1) Fails open: traffic keeps flowing if the sensor fails
2) Different hosts process packets differently
3) NIDS needs to reconstruct the traffic exactly as the end host sees it
4) Needs complete knowledge of the network topology and of each host's behavior
2) Can analyze audit trails, logs, integrity of files and directories, etc.
2) Less traffic volume, so less overhead
2) What happens when the host gets compromised?