What are the two types of Intrusion Detection Systems (IDSs)?


Multiple Choice

What are the two types of Intrusion Detection Systems (IDSs)?

Explanation:
Intrusion detection comes in two primary forms: host-based (HIDS) and network-based (NIDS). A host-based IDS runs on a specific machine and watches that system's internals, such as logs, file integrity, process behavior, and user actions, to detect signs of compromise or policy violations on that host. A network-based IDS sits at strategic points in the network (a SPAN port, a tap, or a choke point) and analyzes the traffic passing through: packet contents, flow data, and traffic patterns, looking for activity that may indicate an attack or misuse affecting multiple hosts.

The two give different visibility. A HIDS excels at catching problems that manifest locally on a single machine, including file tampering and abnormal user actions, but an attacker who gains administrative control of that host can disable or blind it. A NIDS is effective for spotting attacks that traverse the network, such as scans, exploit attempts, or unusual traffic flows, but it only sees what crosses its sensor and cannot inspect the payload of encrypted traffic. In practice, deploying both types together gives broader coverage, catching issues that either approach alone would miss.

Other security tools are related but serve different purposes. An IPS sits inline and actively blocks threats in real time rather than only detecting them; antivirus software focuses on known malware on endpoints; and a SIEM aggregates and correlates logs from many sources (including IDS alerts) but is not itself an IDS.

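To make the HIDS/NIDS split concrete, here is an added example (not from the original page or from any IDS product) that implements one minimal detector of each kind in Python: a file-integrity baseline-and-compare check, which is the classic host-based technique, and a port-scan heuristic run over flow records, which is a classic network-based one. The file tree, the flow records, and the window/threshold values (10 seconds, 15 distinct ports) are all constructed for the demo and are assumptions, not values from the page.

```python
"""Minimal host-based (file integrity) and network-based (port-scan)
detectors. Added example; all data below is constructed for the demo."""
import hashlib
import os
import tempfile
from collections import defaultdict


# ---- Host-based: file-integrity baseline and comparison -------------------

def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            rel = os.path.relpath(p, root).replace(os.sep, "/")
            result[rel] = hash_file(p)
    return result


def diff_baseline(old, new):
    """Return (modified, added, removed) relative paths between two baselines."""
    modified = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    return modified, added, removed


# ---- Network-based: port-scan heuristic over flow records ------------------

def detect_port_scans(flows, window=10.0, threshold=15):
    """Flag (src, dst) pairs where src touches >= threshold distinct
    destination ports on dst within `window` seconds.
    flows: iterable of (timestamp, src_ip, dst_ip, dst_port)."""
    recent = defaultdict(list)  # (src, dst) -> [(ts, dport), ...]
    alerts = set()
    for ts, src, dst, dport in sorted(flows):
        key = (src, dst)
        recent[key].append((ts, dport))
        # Keep only events inside the sliding window.
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        if len({p for _t, p in recent[key]}) >= threshold:
            alerts.add(key)
    return sorted(alerts)


def _write(root, rel, data):
    p = os.path.join(root, rel)
    os.makedirs(os.path.dirname(p), exist_ok=True)
    with open(p, "w") as f:
        f.write(data)


def run_demo():
    """Exercise both detectors on constructed data and return the findings."""
    # HIDS side: build a tiny fake host, baseline it, then simulate a compromise
    # (trojaned binary, dropped tool, wiped log) and compare.
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ls", "original binary\n")
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "var/log/auth.log", "Accepted publickey for alice\n")
        before = baseline(root)
        _write(root, "bin/ls", "trojaned binary\n")
        _write(root, "tmp/backdoor", "#!/bin/sh\n")
        os.remove(os.path.join(root, "var/log/auth.log"))
        modified, added, removed = diff_baseline(before, baseline(root))

    # NIDS side: constructed flow records against one server, 10.0.0.5.
    flows = []
    # Fast sweep: 20 ports in 5 seconds -> should alert.
    flows += [(0.25 * i, "10.0.0.9", "10.0.0.5", 20 + i) for i in range(20)]
    # Slow sweep: 20 ports, one every 10 seconds -> evades this window.
    flows += [(10.0 * i, "10.0.0.11", "10.0.0.5", 1000 + i) for i in range(20)]
    # Benign client: many connections, all to 443 -> no alert.
    flows += [(1.0 * i, "10.0.0.7", "10.0.0.5", 443) for i in range(30)]
    alerts = detect_port_scans(flows)

    return {"modified": modified, "added": added, "removed": removed,
            "alerts": alerts}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The HIDS half only knows what changed on the box it is baselining, so it catches the trojaned `bin/ls` and the dropped `tmp/backdoor` but sees nothing of the scan. The NIDS half sees the scan but nothing on disk, and the slow sweep shows the usual trade-off of a windowed heuristic: widen the window to catch it and benign bursty clients start to trip the threshold. Real sensors (OSSEC/Wazuh on the host side, Snort/Suricata/Zeek on the network side) use the same two ideas with far more signatures and state.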
