An HIDS is used to monitor potential or suspected intrusions on a system or host
unlike an NIDS it cannot be used to monitor traffic or activity on a network.
it looks for changes to files,
misuse,
privilege abuse,
alterations to log files,
and other activities depending on the vendor.
No comments:
Post a Comment