Host-Based IDS: SSCP Exam Answer | isc

Host-Based IDS


Question

A host-based IDS is resident on which of the following?

Answers

Explanations


A.

A host-based IDS is resident on a host and reviews the system and event logs in order to detect an attack on the host and to determine whether the attack was successful. All critical servers should have a Host-Based Intrusion Detection System (HIDS) installed. As you are well aware, a network-based IDS cannot make sense of, or detect patterns of attack within, encrypted traffic. A HIDS might be able to detect such an attack after the traffic has been decrypted on the host. This is why critical servers should have both NIDS and HIDS.

FROM WIKIPEDIA: A HIDS will monitor all or part of the dynamic behavior and of the state of a computer system.

Much as a NIDS will dynamically inspect network packets, a HIDS might detect which program accesses what resources and assure that (say) a word-processor hasn't suddenly and inexplicably started modifying the system password-database.

Similarly a HIDS might look at the state of a system, its stored information, whether in RAM, in the file-system, or elsewhere; and check that the contents of these appear as expected.

One can think of a HIDS as an agent that monitors whether anything/anyone - internal or external - has circumvented the security policy that the operating system tries to enforce.

http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system

A host-based IDS (Intrusion Detection System) is a security solution that monitors and analyzes events on individual hosts or endpoints, such as servers, workstations, or mobile devices. The purpose of a host-based IDS is to detect and alert on any suspicious or malicious activity that may compromise the security of the host or the network.

To answer the question, a host-based IDS is resident on "A. On each of the critical hosts." This means that the IDS is installed and running on each individual host that needs protection, specifically those that are deemed "critical" or essential to the operation of the network.

The advantage of using a host-based IDS is that it can provide granular and detailed information about the activity on a specific host, including system calls, network traffic, and file access. This makes it easier to identify and respond to security incidents that may be missed by other security controls, such as network-based IDS or firewalls.

In contrast, a network-based IDS is installed on a network device, such as a router or switch, and monitors network traffic for signs of attacks or anomalies. While network-based IDS is useful for detecting attacks that target multiple hosts or network segments, it may miss attacks that are directed at a single host or are disguised as legitimate traffic.

In summary, a host-based IDS is a valuable security solution that should be installed on each critical host to provide granular and detailed monitoring and alerting capabilities.
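The two HIDS behaviours described above, checking that stored state (here, the password database) still appears as expected and reviewing host logs to detect an attack and whether it succeeded, as an added example in Python; it is not code from this page or from any IDS product, and the baseline hashes, file contents and sshd log lines are all constructed for the demonstration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed baseline: expected SHA-256 of protected files on a hypothetical host.
# A real HIDS records these at install time and re-hashes the files on a schedule.
BASELINE = {
    "/etc/passwd": hashlib.sha256(b"root:x:0:0:root:/root:/bin/bash\n").hexdigest(),
    "/etc/shadow": hashlib.sha256(b"root:$6$placeholder:19000:0:99999:7:::\n").hexdigest(),
}
# Constructed current contents: /etc/passwd has gained an extra UID-0 account.
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nrogue:x:0:0::/root:/bin/bash\n",
    "/etc/shadow": b"root:$6$placeholder:19000:0:99999:7:::\n",
}

def check_integrity(baseline, current):
    """Return the paths whose contents no longer match the baseline hash."""
    changed = []
    for path, expected in baseline.items():
        data = current.get(path)
        if data is None or hashlib.sha256(data).hexdigest() != expected:
            changed.append(path)
    return changed

# Constructed sshd log excerpt; on a real host the HIDS reads the live auth log.
AUTH_LOG = """\
Failed password for root from 198.51.100.7 port 4421 ssh2
Failed password for root from 198.51.100.7 port 4422 ssh2
Failed password for root from 198.51.100.7 port 4423 ssh2
Accepted password for root from 198.51.100.7 port 4424 ssh2
Failed password for alice from 203.0.113.9 port 5001 ssh2
"""
LOG_RE = re.compile(r"^(Failed|Accepted) password for (\S+) from (\S+) port")

def review_auth_log(log, threshold=3):
    """Map each source with >= threshold failures to (failures, succeeded_afterwards)."""
    failures, succeeded = defaultdict(int), set()
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # line is not a password-auth event
        outcome, _user, src = m.groups()
        if outcome == "Failed":
            failures[src] += 1
        elif failures[src] >= threshold:  # success only counts after a failure burst
            succeeded.add(src)
    return {src: (n, src in succeeded) for src, n in failures.items() if n >= threshold}
```

`check_integrity` reports the modified password database and `review_auth_log` reports the source that brute-forced root and then got in, which is exactly the "was the attack successful" determination the explanation describes.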