
Strengths And Weaknesses Of Ids Information Technology Essay

Although an IDS is a useful addition to a security posture, it does well on some points but still has limitations. Table 5.1 summarizes some of the strengths and weaknesses of IDS.


Strengths | Weaknesses
--- | ---
Monitoring user behaviors and system event logs. | Detection but not prevention.
Testing the system configurations of hosts. | False positive detections.
Setting up a baseline for the security state of a system, and tracking any changes to that baseline. | False negative detections.
Protecting against known threats. | Spoofing attacks.
Recognizing patterns of activity that are abnormal. | Cannot automatically investigate attacks without human intervention.
Centralized management. | Delays of signature update.
Alerting appropriate administrators by appropriate means. |
Easier to perform security monitoring functions for non-security experts. |

Table 5.1: Strengths and Weaknesses of IDS.

Monitoring user behaviors and system event logs – One strength of an IDS is its ability to monitor the system event logs of every host, which keeps administrators aware of any changes on those hosts. They can also use the information collected by the IDS to analyze user behaviors and plan the security strategy and policies of their organizations accordingly.

Testing the system configurations of hosts – An IDS is also able to test the security state of every host; when a system is configured below par or below a baseline, it alerts administrators to which host falls short of the required security level. Administrators can then reconfigure that host.

Setting up a baseline for the security state of a system, and tracking any changes to that baseline – With an IDS, administrators can set their own expectations as a security baseline. Against that baseline the IDS keeps tracking differences and changes on the hosts, allowing administrators to keep all hosts at the security level they expect.

Protecting against known threats – Signature detection techniques let an IDS protect systems and networks well against known threats, by recognizing patterns of system events that match those known threats.

Recognizing patterns of activity that are abnormal – When a new attack does not exist among the known threat signatures, the IDS falls back on anomaly detection techniques. These compare system activities or network traffic against a baseline to identify abnormal behaviors, recognizing new attacks that signature detection techniques miss.

Centralized management – An IDS provides centralized management that makes it easier for administrators to change logging mechanisms, perform software upgrades, collect alarm information, update security settings and so on. Many IDS products even have a very simple menu for setting up the IDS configuration, which greatly helps administrators monitor a large number of networks and hosts.

Alerting appropriate administrators by appropriate means – Based on the scan-and-match principle, an IDS sends alerts to the appropriate people by the appropriate means. Administrators can decide who should receive alerts and define the different activities they want to be alerted about. Delivering the right message to the right people is more effective and efficient for an organization.

Easier to perform security monitoring functions for non-security experts – Many IDS products now provide basic information security policies along with easy configuration, allowing non-experts to perform security monitoring functions for their organizations as well. This is another strength that has made the IDS a success.

On the other hand, some weaknesses have also been suggested, as shown in Table 5.1.

Detection but not prevention – An IDS concentrates on detection rather than prevention; it is a passive activity. It is sometimes too late to detect an intrusion, especially now that some attacks spread very fast over current high-speed networks: by the time the IDS sends an alert to administrators, the actual situation may already be worse.

False positive detections – The detection capabilities of an IDS can be defined in four measures: true positive, false positive, true negative and false negative. Figure 5.3 illustrates the differences between them. A true positive means the IDS correctly identifies a real attack; a true negative means the IDS correctly identifies activity that is not an attack; a false positive means the IDS incorrectly flags as an attack something that is not a real attack; a false negative means the IDS incorrectly treats as benign something that is actually an attack.

Figure 5.3: Measures of IDS

An IDS often generates too many false positives because of inaccurate assumptions. One example is checking the length of URLs. Typically a URL is only around 500 bytes long, so suppose an IDS is configured to trigger a denial of service alert when the length of a URL exceeds 1000 bytes. False positives could then arise from complex web pages, which commonly carry a large amount of content now. The IDS is not making a mistake; the algorithm is just not perfect. To reduce false positives, administrators need to tune the assumptions an IDS uses to detect attacks, which is time consuming.
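As an added example (not code from the essay), the URL-length rule above scored with the four measures of Figure 5.3 over a constructed, labelled set of request URLs, at the essay's 1000-byte threshold and at a looser 2000-byte one; the sample URLs, thresholds and function names are my own assumptions.

```python
from typing import Dict, List, Tuple

# Constructed sample of request URLs with a ground-truth label (True = attack).
# The long benign URLs stand in for complex pages with large query strings.
SAMPLE_REQUESTS: List[Tuple[str, bool]] = [
    ("/index.html", False),
    ("/search?q=" + "a" * 480, False),                  # 490 bytes, benign
    ("/report?filters=" + "x=1&" * 300, False),         # 1216 bytes, benign
    ("/catalog?ids=" + "1234567890," * 150, False),     # 1663 bytes, benign
    ("/cgi-bin/flood?" + "A" * 5000, True),             # constructed attack
    ("/cgi-bin/flood?" + "A" * 1500, True),             # constructed attack
    ("/cgi-bin/probe?x=1", True),                       # attack with a short URL
]


def url_length_rule(url: str, threshold: int) -> bool:
    """The essay's rule: alert when a URL is longer than the threshold."""
    return len(url) > threshold


def score_rule(requests: List[Tuple[str, bool]], threshold: int) -> Dict[str, int]:
    """Count true/false positives and negatives for the rule over labelled data."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for url, is_attack in requests:
        alerted = url_length_rule(url, threshold)
        if alerted and is_attack:
            counts["TP"] += 1
        elif alerted and not is_attack:
            counts["FP"] += 1        # benign traffic raised an alert
        elif not alerted and is_attack:
            counts["FN"] += 1        # an attack slipped through
        else:
            counts["TN"] += 1
    return counts


def rates(counts: Dict[str, int]) -> Dict[str, float]:
    """Detection rate TP/(TP+FN) and false positive rate FP/(FP+TN)."""
    positives = counts["TP"] + counts["FN"]
    negatives = counts["FP"] + counts["TN"]
    return {
        "detection_rate": counts["TP"] / positives if positives else 0.0,
        "false_positive_rate": counts["FP"] / negatives if negatives else 0.0,
    }


if __name__ == "__main__":
    for threshold in (1000, 2000):
        c = score_rule(SAMPLE_REQUESTS, threshold)
        print(threshold, c, rates(c))
```

Raising the threshold removes the two benign long-page alerts but turns one more attack into a false negative, which is the tuning trade-off the paragraph describes.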

False negative detections – False negatives are also a weakness of IDS: hackers can now encode an attack file so that the IDS cannot find it. For example, “cgi-bin/attack.cgi” is defined as a signature in an IDS, but the hackers encode the file as “cg%39-b%39n/a%39tt%39”. Since “cg%39-b%39n/a%39tt%39” is not defined in the signature files, the attack passes without notice and a false negative occurs.
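As an added example (not the essay's code), a minimal signature check that canonicalises the request path before matching, so that a percent-encoded spelling of a signature does not become a false negative; the signature, request paths and function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed signature list, mirroring the essay's "cgi-bin/attack.cgi" example.
SIGNATURES = ["cgi-bin/attack.cgi"]


def canonicalise(path: str) -> str:
    """Percent-decode the path until it stops changing (bounded), then
    lower-case it, so encoded spellings compare equal to the plain one."""
    prev = None
    for _ in range(3):               # bound the loop: decoding must terminate
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path.lower()


def naive_match(path: str, signatures=SIGNATURES) -> bool:
    """Literal matching on the raw request path (what the essay describes)."""
    return any(sig in path for sig in signatures)


def normalised_match(path: str, signatures=SIGNATURES) -> bool:
    """Matching after canonicalisation: an encoded variant of a signature
    is no longer missed."""
    return any(sig in canonicalise(path) for sig in signatures)


# Constructed request paths.
PLAIN = "/cgi-bin/attack.cgi"
ENCODED = "/%63gi-bin/att%61ck.cgi"    # %63 = 'c', %61 = 'a'
DOUBLE = "/%2563gi-bin/attack.cgi"     # %25 = '%', so it decodes in two passes
BENIGN = "/cgi-bin/status.cgi"

if __name__ == "__main__":
    for p in (PLAIN, ENCODED, DOUBLE, BENIGN):
        print(p, naive_match(p), normalised_match(p))
```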

Spoofing attacks – Hackers can use spoofing attacks to blind administrators. For example, hackers can use one IP address in a network to generate many false positive detections; administrators may then set the IDS to ignore local traffic from this IP, after which the hackers start the real attacks.

Cannot automatically investigate attacks without human intervention – Even though an IDS can detect most attacks on hosts and networks, it still needs administrators to investigate and react. Hackers can exploit this weakness: for instance, a hacker can launch a large number of attacks against host A, and since the IDS cannot analyze all the attacks automatically, administrators must spend time investigating each alarm from host A. Meanwhile, the hacker has more time to make a real attack on host B.

Delays of signature update – An IDS relies on its signature database to detect known intrusions, and IDS products typically have that database updated by the IDS vendor. The potential problem is the delay of the signature update patch: IDS vendors often take a long time to identify a new attack and finish an update patch. Even when vendors provide the most up-to-date signatures as soon as they can, there is still a period during which the IDS cannot identify a new attack, before the signature database is updated.
