Question

Difference between host based and network based ids

Answer 1

Host-based intrusion detection systems(IDSes) protect just that: the host or endpoint. This includes workstations, servers, mobile devices and the like. Host-based IDSes are one of the last layers of defense. They're also one of the best security controls because they can be fine-tuned to the specific workstation, application, user role or workflows required.


network-based IDS often sits on the ingress or egress point(s) of the network to monitor what's coming and going. Given that a network-based IDS sits further out on the network, it may not provide enough granular protection to keep everything in check -- especially for network traffic that's protected by SSL, TLS or SSH.

Answer 2

Host-based intrusion detection systems(IDSes) protect just that: the host or endpoint. This includes workstations, servers, mobile devices and the like. Host-based IDSes are one of the last layers of defense. They're also one of the best security controls because they can be fine-tuned to the specific workstation, application, user role or workflows required.



A network-based IDS often sits on the ingress or egress point(s) of the network to monitor what's coming and going. Given that a network-based IDS sits further out on the network, it may not provide enough granular protection to keep everything in check -- especially for network traffic that's protected by SSL, TLS or SSH.