Cons
• Restricted to Switch: Many advantages of NIDS does not promote in modern switched networks. The switch network divided into multiple independent parts so NIDS difficult to collect information throughout the network. Since only network test on segments where it directly connects to, it can not detect an attack occurred on other network segments.
This problem leads to organizational requirements need to buy a large number of sensors can turn to the network to cover most costly installation costs.
• Limitations in performance: NIDS will have trouble handling all network packets on large or high traffic density, led to undetectable attacks performed at "peak". Some manufacturers have been remedied by completely hardening the IDS to increase the speed for it. However, due to guarantees in terms of speed, some packets are ignored may cause vulnerability to intrusion attacks.
• Increased throughput: An intrusion detection system may need to pass a space Large data back analysis system center, which means that a control packet will generate a large amount of load analysis. To overcome people often use the process flexible data reduction to reduce the amount of traffic transmitted. They also more often the cycle of decisions on the sensor and use the central station as a status display device or media center rather than performing the actual analysis. The disadvantage is that it would provide very little information relating to the sensor; any sensor will not know the other one sensor detects an attack. Such a system can not detect the attack or synergistic complex.
• A NIDS systems have difficulty in handling the attacks in a session is encrypted. This problem becomes more severe when many companies and organizations are adopting VPN.
• - Some systems also have difficulty NIDS detection of network attacks from the fragmented packets. The formatted packet can make NIDS malfunction and breakdown.
đang được dịch, vui lòng đợi..