Which of the following usually provides reliable, real-time information without consuming network or host resources?
A. B. C. D.A.
A network-based IDS usually provides reliable, real-time information without consuming network or host resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 48.
An Intrusion Detection System (IDS) is a security tool designed to detect potential security threats in a network or host and alert security personnel to them. IDSs can be categorized into four main types: network-based IDS, host-based IDS, application-based IDS, and firewall-based IDS.
A network-based IDS (NIDS) operates at the network level and is designed to monitor network traffic to detect and alert on any suspicious activity. It analyzes packets that pass through the network and compares them to known attack signatures or behavior patterns. NIDS typically operates in a passive mode, meaning it does not interfere with network traffic, making it a reliable source of real-time information without consuming network or host resources.
A host-based IDS (HIDS), on the other hand, operates on individual hosts or endpoints, analyzing the activity on the host's operating system and applications. HIDS can detect threats that may not be detected by NIDS, but it consumes resources on the host it is installed on, potentially affecting system performance.
An application-based IDS (AIDS) operates at the application layer and monitors specific applications for any unusual activity or behavior. AIDS can be useful for detecting application-level attacks such as SQL injection or cross-site scripting (XSS). However, it only monitors specific applications, and it may not be able to detect attacks against other applications or at the network or host level.
Finally, a firewall-based IDS (FIDS) operates at the network layer, like NIDS, but it is integrated with a firewall. FIDS can detect and block suspicious traffic as it passes through the firewall. However, like HIDS, FIDS may consume network resources, potentially affecting network performance.
Therefore, based on the information provided, the answer to the question is A, a network-based IDS. It provides reliable, real-time information without consuming network or host resources.