Pros & Cons of NIDS
Key Takeaways
Pros:
- They can look at data in the context of a protocol
- They can qualify and quantify attacks
- They make it easier to keep up with regulation
- They can boost efficiency
Cons:
- They will not prevent incidents by themselves
- An experienced engineer is needed to administer them
- They do not process encrypted packets
- IP packets can still be faked
- False positives are frequent
- They are susceptible to protocol-based attacks
- The signature library needs to be continually updated
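
Three of the cons above (encrypted packets, false positives, signature updates) can be seen in a minimal signature matcher. This is an added example, not part of the original notes; the signature names, sample payloads and the toy_encrypt helper are constructed assumptions, and toy_encrypt only stands in for real transport encryption.

```python
import hashlib

# Constructed signature set (name, byte pattern); not taken from any real ruleset.
SIGNATURES = [("etc-passwd-access", b"/etc/passwd")]

def inspect(payload, signatures=SIGNATURES):
    """Return the names of signatures whose pattern occurs in the payload."""
    lowered = payload.lower()
    return [name for name, pattern in signatures if pattern in lowered]

def toy_encrypt(payload, key):
    """Stand-in for transport encryption (NOT a real cipher): XOR with a SHA-256 keystream."""
    stream, counter = b"", 0
    while len(stream) < len(payload):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(payload, stream))

# Constructed sample payloads.
SUSPICIOUS = b"GET /download?file=/etc/passwd HTTP/1.1"
BENIGN = b"POST /forum body=What permissions should /etc/passwd have?"
UNKNOWN = b"GET /api?x=constructed-new-marker HTTP/1.1"

def demo():
    key = b"constructed-session-key"
    updated = SIGNATURES + [("new-marker", b"constructed-new-marker")]
    return {
        "plaintext": inspect(SUSPICIOUS),                        # signature fires
        "encrypted": inspect(toy_encrypt(SUSPICIOUS, key)),      # same request, nothing to match
        "benign_post": inspect(BENIGN),                          # false positive
        "before_update": inspect(UNKNOWN),                       # pattern not in the library yet
        "after_update": inspect(UNKNOWN, updated),               # caught once a signature is added
    }

if __name__ == "__main__":
    for case, alerts in demo().items():
        print(f"{case:14} -> {alerts}")
```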
Vocabulary
No new vocabulary