Some of the advantages of Host based Intrusion detection
are:
- Host-base intrusion systems are able to verify if an attack was
successful or not, whereas a network based IDS is capable of only
giving an alert of the attack.
- They monitors all the users’ activities which is not available
in a network based system
- They provide capability of identifying attacks that originate
from inside the host.
- Host based IDS can analyze and profile the decrypted traffic to
find attack signature-thus giving them the ability to monitor
encrypted traffic.
- Host based IDS do not need any extra hardware since they can be
installed in the existing servers.
- Host based IDS are very cheap for a small sized network.
Disadvantages:
- The host based IDS can be compromised if the host server is
under attack.
- They need extra computation power from the host where it
resides
- They are ineffective during DDOS attacks.
Advantages of network based IDS are:
-
They Can Be Tuned to Specific Content in Network Packets
-
They Can Look at Data in the Context of the Protocol
-
They Can Qualify and Quantify Attacks
-
They Make It Easier to Keep Up With Regulation
Disadvantages are:
-
They Will Not Prevent Incidents By Themselves
-
An Experienced Engineer Is Needed to Administer Them
-
They Do Not Process Encrypted Packets