What is the key difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Network-based IPS provides better protection against OS kernel-level attacks against hosts and servers.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS can work in promiscuous mode or inline mode.
E. Host-based IPS is more scalable than network-based IPS.
F. Host-based IPS deployment requires less planning than network-based IPS.
Explanation:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2.1/8_NIDS.html
Cisco Network-Based Intrusion Detection - Functionalities and Configuration
This chapter highlights the need for and the benefits of deploying network-based intrusion detection in the data center. It addresses mitigation techniques, deployment models, and the management of the infrastructure.
Intrusion detection systems help data centers and other computer installations prepare for and deal with electronic attacks. Usually deployed as a component of a security infrastructure with a set of security policies for a larger, comprehensive information system, the detection systems themselves are of two main types.
Network-based systems inspect traffic "on the wire", and host-based systems monitor only individual computer server traffic.
Network intrusion detection systems deployed at several points within a single network topology, together with host-based intrusion detection systems and firewalls, can provide a solid, multipronged defense against both outside, Internet-based attacks and internal threats, including network misconfiguration, misuse, or negligent practices. The Cisco Intrusion Detection System (IDS) product line provides flexible solutions for data center security.