1. Intrusion detection systems come in different types depending on where they need to be installed within a company's systems. In the scenario presented, it is preferable to install a host-based intrusion detection system rather than a network-based one. A host-based IDS is the better choice here because there will be no access to the switches where traffic could be monitored. Without that access, we can only use agents to gather information and relay it to the managers. A network-based IDS would have required a hub to gain access to the switches, a requirement the administrator(s) cannot grant us.
2. Some networks, like Akiko's, use DNS servers to resolve hosts, and this should be taken into consideration when installing any IDS. With the IDS failing to connect to the agents in Akiko's case, it is prudent to start troubleshooting with the manager installed on the server. It will be necessary to check the configuration file, for example the snort.config file if Snort is used. One needs to verify that the DNS entry is uncommented and that it holds a valid DNS entry for the server in use. This tells the technician whether the problem lies with the configuration of the manager or beyond the server.
3. The choice of a particular IDS depends on an array of factors, including the amount of bandwidth expected to be available as well as other resources. With Ruth being a system administrator of web servers, a network-based IDS would be inappropriate. Rather, installing a host-based IDS will be advantageous, as it will ensure that the web servers are not overburdened and that bandwidth use is kept to a minimum. A suitable IDS such as the e-trust IDS will let Ruth perform network monitoring while keeping the use of critical resources such as bandwidth low, ensuring efficient and smooth operation of the web servers.