Analysis of Information and System Security: HIDS Vulnerabilities


Added on  2022/10/04

AI Summary
This report provides a critique of Host-Based Intrusion Detection Systems (HIDS) in the context of information and system security. It begins by defining HIDS and its role in monitoring system activities to detect intrusions, highlighting its advantages such as monitoring system activities, verifying the success or failure of an attack, and lower cost compared to Network-based IDS (NIDS). The report then delves into the vulnerabilities of HIDS, explaining how attackers can exploit weaknesses to stage security attacks, such as disabling the HIDS before attacking the rest of the system or attacking the network components. The report emphasizes the need for organizations to incorporate multiple intrusion detection systems to mitigate information and system security risks, concluding that a combined approach is crucial to enhance overall security posture.
Running head: INFORMATION AND SYSTEM SECURITY
Information and System Security
Student Name
Institution Affiliation
Information and System Security
Technology continues to advance in the contemporary world and has impacted
nearly all aspects of human life. Information and system security is a current concern all
over the world as a result of the wide adoption of technology in day-to-day life
(Soomro, Shah, and Ahmed, 2016). This paper is a critique of the host-based intrusion detection
system and how attackers can bypass it and attack users within the system. Business
organizations should ensure information and system security for efficient operation without
disruptions.
A host-based intrusion detection system (HIDS) detects intrusion and misuse in a system by
monitoring the activities of the computer system. Once the intrusion is detected, the event is
logged, and the responsible authorities are notified. A HIDS monitors and analyzes both the
internal and external activities to ensure that the security policy of the system is not breached. In
a world where cyber-attacks are a threat to many organizations and individuals, HIDS is a handy
tool.
HIDS systems are associated with various information and system security advantages. First, the
system monitors the system's activities. This is achieved through the host-based IDS sensor, which
monitors user and file access activities. The system controls the access of files, installation of
executables in the system, and manipulation of data. Secondly, HIDS verifies the failure or
success of an attack. HIDS uses logs of activities; thus, it can be used to document whether an
attack occurred in the computer system or the HIDS prevented it. HIDS sensors also come at a
lower cost compared to the network-based IDS sensors. Additionally, HIDS can detect attacks
that network-based intrusion detection systems (NIDS) fail to recognize (Chawla, Lee, Fallon,
and Jacob, 2018). For instance, network sensors cannot detect when an authorized user alters a
system file from the system console, but HIDS would detect this kind of attack.
As much as HIDS is an essential tool that ensures information security, it has some
vulnerabilities. Malicious attackers can exploit the weaknesses in the HIDS to stage security
attacks in the computer systems (Snapp, Brentano, and Levitt, 2017). Attackers usually have
information about the defense mechanisms to exploit any loophole in the security system. First,
the information sources for HIDS are stored in the host target systems. The attackers may start
by attacking and disabling the HIDS before proceeding to attack the rest of the system. This is a
challenge that has made the HIDS less popular compared to the NIDS. Secondly, the HIDS is not
efficient in preventing network attacks in the computer system. Network scans and surveillance
that target the network component of the system cannot be detected through HIDS; thus,
attackers may attack the network of the target system.
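One common mitigation for the first weakness is to have each HIDS agent report to a collector on a separate machine, so that a disabled agent shows up as silence. The sketch below is an added example, not part of the original paper; the log format, host names and 90-second threshold are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample of what an off-host collector might record (assumed format).
COLLECTOR_LOG = """\
2022-10-04T10:00:00 web01 heartbeat
2022-10-04T10:00:05 db01 heartbeat
2022-10-04T10:01:00 web01 heartbeat
2022-10-04T10:01:05 db01 heartbeat
2022-10-04T10:02:00 web01 heartbeat
2022-10-04T10:02:05 db01 agent_stopped
2022-10-04T10:03:00 web01 heartbeat
2022-10-04T10:06:00 web01 heartbeat
"""

def parse(log):
    """Yield (timestamp, host, event) for each collector line."""
    for line in log.splitlines():
        ts, host, event = line.split()
        yield datetime.fromisoformat(ts), host, event

def find_blind_spots(log, now, max_gap=timedelta(seconds=90)):
    """Return (host, reason, start) for periods when a host's HIDS was not reporting."""
    findings, last_seen = [], {}
    for ts, host, event in parse(log):
        # A long pause between two reports means the agent was blind in between.
        if host in last_seen and ts - last_seen[host] > max_gap:
            findings.append((host, "gap", last_seen[host]))
        # An explicit stop is worth an alert even before the silence threshold.
        if event == "agent_stopped":
            findings.append((host, "agent_stopped", ts))
        last_seen[host] = ts
    # Hosts that have not reported recently may have had their agent disabled.
    for host, ts in sorted(last_seen.items()):
        if now - ts > max_gap:
            findings.append((host, "silent", ts))
    return findings

if __name__ == "__main__":
    now = datetime.fromisoformat("2022-10-04T10:06:30")
    for host, reason, start in find_blind_spots(COLLECTOR_LOG, now):
        print(host, reason, "since", start.isoformat())
```

Because the collector runs on a different machine, disabling the agent on the monitored host does not remove the evidence that it went quiet.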
In a nutshell, information and system security is a concern in the contemporary world. Intrusion
detection systems such as HIDS and NIDS can be used to ensure information and system
security in organizations. Each of the IDS has unique weaknesses that can be exploited by
attackers to stage attacks. Therefore, organizations need to incorporate more than one IDS to
eliminate or reduce information and system security risks.
References
Chawla, A., Lee, B., Fallon, S., & Jacob, P. (2018, September). Host based intrusion detection
system with combined CNN/RNN model. In Joint European Conference on Machine
Learning and Knowledge Discovery in Databases (pp. 149-158). Springer, Cham.
Snapp, S. R., Brentano, J., Dias, G., Goan, T. L., Heberlein, L. T., Ho, C. L., & Levitt, K. N.
(2017). DIDS (distributed intrusion detection system)-motivation, architecture, and an
early prototype.
Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more
holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.