CIS 333 Week 4 Security Monitoring

7 Oct

Considering your place of employment or your home computing environment, discuss in detail the way in which in-depth (or layered) defense is employed to enhance security in your chosen environment.

My company has an IT department, and we use the typical firewalls, antivirus, and a security monitoring team consisting of level 1 and level 2 analysts. As for my home computer, I connect to the internet through a Belkin router that comes with firewall protection and read-only firmware memory, and I run Microsoft Essentials anti-virus and Kaspersky anti-virus protection. If there appears to be a threat to my system, Kaspersky advises me and recommends a course of action.

According to the textbook, Intrusion Detection Systems (IDS), which can be categorized as Host IDS (HIDS) and Network IDS (NIDS), are a means of providing real-time monitoring. Compare and contrast HIDS and NIDS, and provide at least one (1) example identifying when one (1) would be more appropriate to use over the other. Provide a rationale to support your chosen example.

A host intrusion detection system (HIDS) is designed to monitor the behaviour and general health of a single computer system. It inspects network packets addressed to that specific host, can see which program accesses which resource, and can flag, for example, a word processor that has started altering password files. A HIDS may also watch the state of the system and its stored information, whether in RAM, in the file system, in log files, or elsewhere, and verify that the content has not been tampered with, typically by comparing cryptographic hashes and permission bits of files against a known-good baseline.

A network intrusion detection system (NIDS) is designed to monitor traffic on a network looking for suspicious activity, which could be an attack or other unauthorized use. A large NIDS sensor can be placed on a backbone network, or at a choke point such as the firewall or core switch, to monitor all traffic passing through; smaller sensors can be placed to monitor traffic for a specific server, switch, gateway, or router. Detection is typically a mix of signatures (byte or string patterns that match a known exploit or attack tool) and thresholds or anomalies (for example, one source connecting to many ports on one host in a short time, which matches a typical port scan preceding a remote hacking attempt). A NIDS sees only what crosses the wire: scanning system files, watching server log files, and checking the integrity of a server's core components are host-level functions that belong to a HIDS, and a NIDS cannot inspect the contents of encrypted sessions (TLS, SSH). Some products also offer a proactive role, scanning local firewalls or servers for potential exploits, but that is vulnerability scanning rather than intrusion detection. Keep in mind that a NIDS does not replace primary security controls such as firewalls, encryption, and authentication; it is a backup network integrity device that tells you when those controls have been bypassed. Neither primary controls nor an IDS should replace common precautions (building physical security, corporate security policy, etc.).

To compare and contrast: a HIDS gives deep visibility into one host (processes, files, logs, local privilege changes) but must be installed and maintained on every host, and an attacker who has taken over the host may be able to disable or blind the sensor; a NIDS gives broad visibility across many hosts from a single vantage point, including hosts on which no agent can be installed, but it sees only the network and is blind to encrypted payloads and to anything that never leaves the host. One example where one is more appropriate than the other: for a file server holding sensitive records, where nearly all client traffic is TLS-encrypted, a HIDS is the better choice, because a NIDS on the wire could not see the file accesses or the privilege escalation that matter, while the HIDS can detect the unexpected process, the altered password file, or the new setuid binary directly. Conversely, at the internet gateway of a network with many unmanaged devices (printers, appliances, visitors' laptops), a NIDS is the better choice, because host agents cannot be deployed there and a port scan or known exploit pattern can only be observed in transit.
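As an added example (not part of the original post), the following script implements the two detection styles described above over a handful of constructed connection records: a threshold rule that fires when one source touches many distinct ports on one destination inside a sliding time window (a port scan), and signature rules that match known attack strings in the first bytes of a request (a path traversal and a SQL injection pattern). The record format, addresses, timestamps and payloads are fabricated for the example and are not captured traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "<ISO time> <src> <dst>:<dport> [<first bytes of payload>]".
# 10.0.0.5 sweeps ports 20-34 on 10.0.0.10 within 15 seconds; 10.0.0.7 sends two
# hostile HTTP requests among normal ones; 10.0.0.8 opens one SSH connection.
SAMPLE_RECORDS = (
    ["2024-10-07T10:00:00 10.0.0.7 10.0.0.10:443 GET /index.html HTTP/1.1"]
    + [f"2024-10-07T10:00:{i:02d} 10.0.0.5 10.0.0.10:{20 + i}" for i in range(15)]
    + [
        "2024-10-07T10:05:00 10.0.0.7 10.0.0.10:80 GET /cgi-bin/../../etc/passwd HTTP/1.1",
        "2024-10-07T10:06:00 10.0.0.7 10.0.0.10:80 GET /products?id=1 UNION SELECT user,pass FROM users HTTP/1.1",
        "2024-10-07T10:07:00 10.0.0.8 10.0.0.10:22",
    ]
)

RECORD_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+)(?: (.*))?$")

# Signature rules: (name, pattern applied to the payload bytes we have).
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"\bUNION\b.*\bSELECT\b", re.IGNORECASE)),
]


def parse_record(line: str) -> dict:
    m = RECORD_RE.match(line)
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    ts, src, dst, dport, payload = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "payload": payload or ""}


def detect_port_scans(records, threshold=10, window=timedelta(seconds=30)):
    """Threshold rule: one src hitting >= threshold distinct ports on one dst inside `window`."""
    alerts = []
    recent = defaultdict(deque)  # (src, dst) -> deque of (ts, dport) still inside the window
    fired = set()                # alert once per (src, dst) pair, not once per packet
    for r in sorted(records, key=lambda r: r["ts"]):
        key = (r["src"], r["dst"])
        q = recent[key]
        q.append((r["ts"], r["dport"]))
        while q and r["ts"] - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and key not in fired:
            fired.add(key)
            alerts.append({"rule": "port-scan", "src": r["src"], "dst": r["dst"],
                           "ports": len(ports), "ts": r["ts"].isoformat()})
    return alerts


def detect_signatures(records):
    """Signature rule: payload matches a known attack pattern."""
    alerts = []
    for r in records:
        for name, pattern in SIGNATURES:
            if pattern.search(r["payload"]):
                alerts.append({"rule": name, "src": r["src"], "dst": r["dst"],
                               "dport": r["dport"], "ts": r["ts"].isoformat()})
    return alerts


def run_nids(lines=SAMPLE_RECORDS):
    records = [parse_record(line) for line in lines]
    return detect_port_scans(records) + detect_signatures(records)


if __name__ == "__main__":
    for alert in run_nids():
        print(alert)
```

Note what the signature rules can and cannot see: they inspect plaintext payload only, so the same requests sent over TLS would produce only the port-scan alert, which is exactly the limitation that makes a HIDS the better choice on an encrypted-traffic file server.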
