Choosing Between Host and Network Intrusion Detection System
Regarding the deployment of an IDS on the public cloud, there are two cases. The first is when we own the cloud; the other is when we borrow someone else's cloud. In the first case there are two types of network: the internal network, and the public network that those from the Internet can normally access. The structure of the network depends on the administrators, but usually the internal and outside networks are separated by a demilitarized zone (DMZ). The public servers (the ones that users from the Internet access) should be equipped with tight security. The most common measures are a firewall at the edge of the public network and antivirus on each server. To complete the security, an intrusion detection system (IDS) or intrusion prevention system (IPS) should be deployed. But which type of IDS should be placed? Host based or network based, signature based or anomaly based? A hybrid of signature and anomaly based is best in my opinion, but whether to use a host-based IDS (HIDS) or a network-based IDS (NIDS) is something to think hard about, and this greatly depends on the network architecture and the urgency of the situation.

This is the seventh assignment from my Masters Advanced Network Security Course, which has never been published anywhere, and I, as the author and copyright holder, license this assignment under a customized CC-BY-SA where anyone can share…