VulcanSphere (talk | contribs) Changing short description from "Intrusion detection system" to "Type of intrusion detection system" (Shortdesc helper)
Tags: Reverted Mobile edit Mobile web edit
Line 31:
For each object in question a HIDS will usually remember its attributes (permissions, size, modifications dates) and create a [[checksum]] of some kind (an [[MD5]], [[SHA1]] hash or similar) for the contents, if any. This information gets stored in a secure database for later comparison (checksum database).
An alternate method to HIDS would be to provide NIDS type functionality at the network interface (NIC) level of an end-point (either server, workstation or other end device). Providing HIDS at the network layer has the advantage of providing more detailed logging of the source (IP address) of the attack and attack details, such as packet data, neither of which a dynamic behavioral monitoring approach could see.ytf
==== Operation ====
|
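Review bot: The paragraph under "Line 31:" that ends "could see.ytf" carries the stray characters "ytf" after its final period. This does not fit the edit summary, which describes only a short description change. Drop the "ytf" so the sentence ends at "could see." While touching this text, "modifications dates" in the preceding paragraph should read "modification dates".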