Intrusion Detection Systems: A Deep Dive Into NIDS & HIDS

In an ideal world, the only ones accessing your network systems are people you know and trust. Giving access to vendors and clients that add value to your business would be commonplace.

Unfortunately, the sad reality is unscrupulous elements around the world are constantly looking to stage an intrusion through a variety of ways: ransomware, insider threats and sync errors. All they need is a glimmer of an opportunity to strike.

While you certainly wouldn’t want anyone with malicious intent accessing your systems and compromising your data security, preventing the bad guys from trying to do so is nigh on impossible. However, you can definitely guard your business against such attempts and strive to identify and eliminate the source of any potential intrusion.

And that’s where intrusion detection systems come in.

A depiction of "Intrusion Detection" that includes a security camera and sounding alarms.

What is an Intrusion Detection System (IDS)? 

An Intrusion Detection System (IDS) monitors network traffic for suspicious activities and known threats, and issues alerts when such activities are discovered.

Essentially, an IDS is a packet sniffer that detects anomalies in data packets traveling along various channels. Their role is to:

  • Monitor systems. Assess and evaluate routers, firewalls, key management servers and files, in order to tackle cyberattacks.
  • Research system logs. View OS audit trails and other logs to fine-tune systems for better protection.
  • Identify the design of typical attacks. Match attack signature databases with information from the system.

Types of Intrusion Detection Systems 

An intrusion detection system is broadly categorized based on where the IDS sensors are placed: network or host.

Network Intrusion Detection System

A network-based intrusion detection system (NIDS) monitors and analyzes network traffic for suspicious behavior and real threats with the help of NIDS sensors. It scrutinizes the content and header information of all packets moving across the network.

The NIDS sensors are placed at crucial points in the network to inspect traffic from all devices on the network. For instance, NIDS sensors are installed on the subnet where firewalls are located to detect Denial of Service (DoS) and other such attacks.

Host Intrusion Detection System 

A host-based intrusion detection system (HIDS) monitors and analyzes system configuration and application activity for devices running on the enterprise network. The HIDS sensors can be installed on any device, regardless of whether it’s a desktop PC or a server.

HIDS sensors essentially take a snapshot of existing system files and compare them with previous snapshots. They look for unexpected changes, such as overwriting, deletion and access to certain ports. Consequently, alerts are sent to administrators to investigate activities that seem iffy.

They are a highly effective tool against insider threats. HIDS can identify file permission changes and unusual client-server requests, which generally tends to be a perfect concoction for internal attacks. That’s why it should come as no surprise that HIDS is often used for mission-critical machines that are not expected to change.

NIDS vs. HIDS: What’s the Difference? 

Each of these intrusion detection systems come with their own strengths. NIDS works in real-time, which means it tracks live data and flags issues as they happen. On the other hand, HIDS examines historical data to catch savvy hackers that use non-conventional methods that might be difficult to detect in real-time.

The ideal scenario is to incorporate both HIDS and NIDS since they complement each other. NIDS offers faster response time while HIDS can identify malicious data packets that originate from inside the enterprise network.

Watch the video below to learn more about the difference between NIDS and HIDS.

IDS for Your SaaS Backup

An intrusion detection system for your SaaS backup is a must-have. Think about who gets access to your data on your backup vendor’s side. It’s dangerous to assume that none of the people working for the backup vendor would stage an intrusion.

A good SaaS backup comes with an intrusion detection system that safeguards critical data from malicious attacks whether it’s external or internal. However, finding a good backup solution for your business needs can be a bit nerve-racking.

To help you make an informed decision before purchasing a backup solution, download our whitepaper Securing Your SaaS Backup.

Ask the right questions – find the right answers – choose the right SaaS backup.

Get the Whitepaper


*** This is a Security Bloggers Network syndicated blog from Spanning authored by Dave Wallen. Read the original post at: https://spanning.com/blog/intrusion-detection-systems-deep-dive-into-nids-hids/