The use of HIDS and NIDS on a network can benefit an organization, but it can also hinder operations greatly. If the constraints are so restrictive that nothing can come or go on the network, everything is brought to a screeching halt; at the other extreme, settings that are too lax create a risk of attacks on your network. As an administrator, it is vital that you capture a baseline of the organization's normal and peak-time network traffic as a starting point for tuning and training any HIDS/NIDS that may be part of your network. Below are questions aimed at getting the administrator to think about configuring HIDS/NIDS and the effect it has on a system and network.
1. What types of resources are consumed during the tuning/training phase of an intrusion system?
Answer: The resources consumed are the processor and memory (which is exhausted); user productivity is affected, and there is expense and loss of staff hours.
2. What are some causes of resource consumption by an HIDS or NIDS?
Answer: The causes of resource consumption are: incorrect tuning/training, false negatives and positives, too many concurrent connections exceeding the buffer or memory, and a combination of antivirus software and an HIDS installed on the same system that can't handle the processing power required.
3. What types of resources can be consumed on an NIDS?
Answer: An NIDS can consume its CPU through overloading, and its memory can be exhausted.
4. What are the implications of resource consumption?
Answer: The implications include: exceeding the buffer or memory limit, which can result in errors; the same packets being examined many times or some packets not being examined (being dropped); in extreme cases, the NIDS crashing; and networks being left at risk or unprotected.
5. What types of techniques or methods can help prevent problems with HIDS or NIDS?
Answer: Some techniques or methods that can help...
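The baseline capture described in the opening paragraph, sketched as an added example (not part of the original page): per-hour baselines turn into rate thresholds that are neither too restrictive at peak nor too lax off-hours, and the busiest hour is checked against sensor capacity. The sample rates, the `k` and `floor` parameters, and the capacity figures are constructed assumptions.

```python
"""Seed NIDS rate thresholds from a normal/peak traffic baseline (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed samples: (hour_of_day, packets_per_second) observed on several days.
SAMPLES = [
    (3, 210), (3, 190), (3, 200),        # overnight, quiet
    (9, 4100), (9, 3900), (9, 4000),     # normal business load
    (14, 7900), (14, 8100), (14, 8000),  # daily peak
]

def build_baseline(samples):
    """Return {hour: (mean_pps, stdev_pps)} from historical samples."""
    by_hour = defaultdict(list)
    for hour, pps in samples:
        by_hour[hour].append(pps)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}

def alert_threshold(baseline, hour, k=3.0, floor=50.0):
    """Rate above which traffic in this hour is unusual: mean + k * stdev.
    The floor stops a quiet hour with tiny variance from alerting on noise."""
    mu, sigma = baseline[hour]
    return mu + max(k * sigma, floor)

def classify(baseline, hour, pps, k=3.0):
    """Label one observation against the baseline for its own hour."""
    if hour not in baseline:
        return "no-baseline"  # keep sampling before trusting a threshold
    return "alert" if pps > alert_threshold(baseline, hour, k) else "normal"

def capacity_headroom(baseline, sensor_capacity_pps):
    """Fraction of sensor capacity left at the busiest baseline hour.
    A negative value means the sensor would drop packets at normal peak."""
    peak = max(mu for mu, _ in baseline.values())
    return 1 - peak / sensor_capacity_pps

if __name__ == "__main__":
    b = build_baseline(SAMPLES)
    for hour, pps in [(3, 4000), (9, 4000), (14, 8200), (14, 9000)]:
        print(f"{hour:02d}:00 {pps:>5} pps -> {classify(b, hour, pps)}")
    print(f"headroom at 10000 pps capacity: {capacity_headroom(b, 10000):.0%}")
```

The same 4000 pps that is normal at 09:00 raises an alert at 03:00, which a single static threshold sized for the daily peak would miss.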