IDP FAQ, What is HIDS, What is NIDS – ZyXEL Communications ZYWALL IDP 10 User Manual

IDP Support Notes

IDP FAQ

What is HIDS?

Host intrusion detection systems are intrusion detection systems that are installed locally on host machines. This makes HIDS a very versatile system compared to NIDS. HIDS can be installed on many different types (roles) of machines, namely servers, workstations and notebook computers. This approach gives an organization an edge where an NIDS would fail because it has to reach a segment beyond NIDS capability.

What is NIDS?

A network intrusion detection system (NIDS) monitors all network traffic passing on the LAN segment where it is installed, reacting to any anomaly or signature-based suspicious activity. Think of it as a packet sniffer that analyzes every packet for attack signatures.

What is HIPS?

A Host Intrusion Prevention System resides on the network host, protecting it from attack. These used to be known as personal firewalls, but as their capabilities increased the HIPS term took hold.

What is NIPS (IDP)?

Intrusion means someone intentionally breaking into your computer/network, either to steal your confidential data or to do something to your computer/network that is against your will. A traditional IDS (intrusion detection system) only detects suspicious packets; IDP takes it to the next level: it can block or drop the malicious packets.

What’s the difference between false positive and false negative?

A false positive is when an IDS/IDP system incorrectly reports that it has found attacks and falsely drops a legitimate packet. If an attack gets through the IDS/IDP system without being noticed, we call it a false negative.
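The following is an added example, not taken from the ZyXEL manual, showing how the four detection outcomes arise in a signature matcher and how alert-only (IDS) and drop-on-match (IDP) modes differ in what reaches the network. The signatures, packets, and function names are constructed for illustration and are not ZyXEL rules or APIs.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed signature set for illustration; these are not ZyXEL's rules.
SIGNATURES = {
    "SIG-1 shell binary name": b"cmd.exe",
    "SIG-2 password file path": b"/etc/passwd",
}

@dataclass(frozen=True)
class Packet:
    payload: bytes
    is_attack: bool  # ground truth, known only because the sample is constructed

# Constructed sample traffic, one packet per possible outcome.
TRAFFIC = [
    Packet(b"GET /download?file=/etc/passwd HTTP/1.0", True),
    Packet(b"POST /forum/reply text=Open+cmd.exe+from+the+Start+menu", False),
    Packet(b"<constructed attack payload that no signature covers>", True),
    Packet(b"GET /index.html HTTP/1.0", False),
]

def match_signature(payload):
    """Return the name of the first signature found in the payload, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in payload:
            return name
    return None

def classify(packet):
    """Compare the detector's verdict with ground truth to name the outcome."""
    flagged = match_signature(packet.payload) is not None
    if flagged:
        return "true positive" if packet.is_attack else "false positive"
    return "false negative" if packet.is_attack else "true negative"

def process(traffic, prevent):
    """prevent=False is IDS (alert only); prevent=True is IDP (drop on match)."""
    outcomes, forwarded = Counter(), []
    for pkt in traffic:
        outcome = classify(pkt)
        outcomes[outcome] += 1
        if not (prevent and outcome.endswith("positive")):
            forwarded.append(pkt)  # an IDS forwards everything; an IDP drops matches
    return outcomes, forwarded

if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IDP", True)):
        outcomes, forwarded = process(TRAFFIC, prevent)
        print(mode, dict(outcomes), "forwarded:", len(forwarded))
```

Both modes produce the same outcome counts; the difference is that in IDP mode the false positive costs a dropped legitimate packet, while the false negative is forwarded in either mode.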

All contents copyright (c) 2004 ZyXEL Communications Corporation.