Network-Based Intrusion Detection Systems: Advantages and Disadvantages

Advantages and Disadvantages of Network-Based Intrusion Detection Systems


Question

Which one of the following statements about the advantages and disadvantages of network-based intrusion detection systems is true?

Answers

Explanations


A. B. C. D.

D.

Network-based IDSs are usually passive devices that listen on a network wire without interfering with the normal operation of a network.

Thus, it is usually easy to retrofit a network to include network-based IDSs with minimal effort.

The statement "Network-based IDSs are not vulnerable to attacks" is not true: even though network-based IDSs can be made very secure against attack, and even made invisible to many attackers, they still have to read the packets, and sometimes a well-crafted packet might exploit or kill your capture engine.

The statement "Network-based IDSs are well suited for modern switch-based networks" is not true, as most switches do not provide universal monitoring ports, and this limits the monitoring range of a network-based IDS sensor to a single host.

Even when switches provide such monitoring ports, often the single port cannot mirror all traffic traversing the switch.

The statement "Most network-based IDSs can automatically indicate whether or not an attack was successful" is not true, as most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated.

This means that after a network-based IDS detects an attack, administrators must manually investigate each attacked host to determine whether it was indeed penetrated.

Pages 196 to 197

Out of the given options, option C is true. Most network-based intrusion detection systems (IDSs) can automatically indicate whether an attack was successful or not. Let's explore the advantages and disadvantages of network-based IDSs in more detail:

Advantages of network-based IDSs:

  1. Detect network-level attacks: Network-based IDSs monitor the traffic that passes through the network and can detect network-level attacks such as port scans, denial-of-service (DoS) attacks, and buffer overflow attacks.

  2. Scalability: Network-based IDSs are designed to monitor traffic on a network, which makes them highly scalable. As the network grows, more sensors can be added to the system to monitor the additional traffic.

  3. Centralized management: Network-based IDSs provide a centralized management system, which makes it easier to manage the security of the entire network.

  4. Automated alerts: Network-based IDSs can send alerts to security personnel when an attack is detected. These alerts can be sent in real-time, allowing security personnel to respond quickly to the threat.

Disadvantages of network-based IDSs:

  1. Limited visibility: Network-based IDSs only monitor traffic that passes through the network. They cannot detect attacks that occur on individual hosts.

  2. False positives: Network-based IDSs may generate false positives, which can be time-consuming to investigate and can distract security personnel from more serious threats.

  3. Vulnerability to attacks: Network-based IDSs can be vulnerable to attacks themselves. Attackers can attempt to evade detection by exploiting vulnerabilities in the IDSs.

  4. Impact on network performance: Network-based IDSs can impact network performance. They can introduce additional latency and can consume network bandwidth.

In conclusion, network-based IDSs have several advantages and disadvantages. They are designed to detect network-level attacks and are highly scalable, but they have limited visibility and can be vulnerable to attacks themselves. Additionally, they can impact network performance, and false positives can be a problem. However, most network-based IDSs can automatically indicate whether an attack was successful or not.