Which of the following is NOT something that an HIDS will monitor?
A host-based intrusion detection system (HIDS) focuses on monitoring and analyzing activities within a specific host or system. This includes monitoring configurations, user logins, and critical system files for signs of suspicious or unauthorized activities. Unlike a network-based intrusion detection system (NIDS), which monitors network traffic across the entire network, a HIDS does not typically monitor network traffic. Therefore, the correct answer is network traffic.
NIDS monitors network traffic! Not HIDS.
HIDS will check the network traffic as well, but only related to the host
» Host IDS (HIDS): This type of IDS operates on a single host and monitors only *network traffic* that flows into and out of that host. In addition to monitoring a host’s network traffic, HIDS are often able to monitor *critical configurations* and *files* on a host and can be configured to alert on suspicious modifications. Similar to other host-based security controls, HIDS are prone to compromise if an attacker gains root-level access on that host. To combat this, HIDS logs should immediately be sent to a remote system (like your centrally managed SIEM), and HIDS configurations and settings should be locked down and managed on a remote system. Consider installing a HIDS on your baseline images for your highly sensitive systems. Configure the HIDS to communicate with your SIEM or other centrally managed alerting dashboard. You can then deploy and manage those distributed HIDS in one fell swoop.
Should be Configuration!
Host IDS (HIDS): This type of IDS operates on a single host and monitors only network traffic that flows into and out of that host. In addition to monitoring a host’s network traffic, HIDS are often able to monitor critical configurations and files on a host and can be configured to alert on suspicious modifications.
B is correct.
Should be D. HIDS doesn't monitor network traffic.
HIDS does not monitor network traffic. D should be the answer
A is the answer. Host-based IDS, you gain granular visibility into the systems and services you’re running so you can easily detect: System compromises; Privileged escalations; Installation of unwanted applications; Modification of critical application binaries, data, and configuration files (e.g. registry settings, /etc/passwd); Rogue processes; Critical services that have been stopped, or that failed to start; User access to systems.
B is sort of correct - HIDS doesn't monitor all network traffic but it monitors inbound and outbound packets for the device only
B is correct!!! HIDS will monitor the inbound/outbound traffic of the host and the rest options as well. So the only remaining one is USERS.
AIO CCSP states all but User Logins will be monitored.
D. Network traffic. An HIDS (Host-based Intrusion Detection System) is designed to monitor and protect individual systems within a network by analyzing activities and events occurring on the host itself. It typically monitors configurations, user logins, and critical system files, among other things, to detect potential security threats or unauthorized activities.
SHOULD BE D -- FOR NETWORK TRAFFIC WE HAVE NIDS
An HIDS primarily focuses on monitoring and analyzing activities occurring within the host or system itself. This includes monitoring configurations, user logins, critical system files, file integrity, process activity, and other host-specific events. The purpose of an HIDS is to detect suspicious or unauthorized activities on the host and raise alerts or take action accordingly. While network traffic is crucial for overall security monitoring, it falls under the purview of network-based monitoring systems rather than host-based systems like HIDS.
Host-based Intrusion Detection System [HIDS] focuses on monitoring & protecting individual hosts or devices within a network. Network-based Intrusion Detection System [NIDS] concentrates on monitoring network traffic to identify suspicious patterns & potential threats across the entire network
An HIDS (Host-based Intrusion Detection System) monitors activities on a specific host or device, such as configurations, user logins, and critical system files. It does not typically monitor network traffic, which is the role of a Network-based Intrusion Detection System (NIDS).
NIDS does monitor the network traffic, not the HIDS.