Consider the following example of data collection for an IDS

Consider the following example of data collection for an IDS. Please specify which category of IDS may collect the data (Network-based IDS or Host-based IDS)

(i) Source IP address __________

(ii) TTL value ____________

(iii) Operating system name and version __________

(iv) Port number _______

(v) Session identification number ________

Solution

Network-based IDS

Network based Intrusion Detection Systems are placed at a strategic point or points within the network to monitor traffic to and from all devices on the network. It performs an analysis of passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks. Once an attack is identified, or abnormal behavior is sensed, the alert can be sent to the administrator.

Following Example of data collection is related to Network-based IDS

(i) Source IP address

(ii) TTL value

(iii) Operating system name and version

(iv) Port number

(v) Session identification number