When you buy through affiliate links in our content, we may earn a commission at no extra cost to you. Learn What Does Host-Based Intrusion Detection System Mean?
A host-based intrusion detection system (HIDS) is a system that monitors a computer system on which it is installed to detect an intrusion and/or misuse, and responds by logging the activity and notifying the designated authority. A HIDS can be thought of as an agent that monitors and analyzes whether anything or anyone, whether internal or external, has circumvented the system’s security policy.
Techopedia Explains Host-Based Intrusion Detection System
An intrusion detection system (IDS) is a software application that analyzes a network for malicious activities or policy violations and forwards a report to the management. An IDS is used to make security personnel aware of packets entering and leaving the monitored network. There are two general types of systems: a host-based IDS (HIDS) and a network-based IDS (NIDS).
A NIDS is often a standalone hardware appliance that includes network detection capabilities. It will usually consist of hardware sensors located at various points along the network. It may also consist of software that is installed on various computers connected along the network. The NIDS analyzes data packets both inbound and outbound and offer real-time detection.
A HIDS analyzes the traffic to and from the specific computer on which the intrusion detection software is installed. A host-based system also has the ability to monitor key system files and any attempt to overwrite these files.
However, depending on the size of the network, either HIDS or NIDS is deployed. For instance, if the size of the network is small, then NIDS is usually cheaper to implement and it requires less administration and training than HIDS. However, a HIDS is generally more versatile than a NIDS.
