PrepAway - Latest Free Exam Questions & Answers

Which of the following best describes the process of Host-Based Intrusion Detection Systems?

After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the process of Host-Based Intrusion Detection Systems?


A.
In a Host-Based IDS, sensors are installed in key positions throughout the network, and they all report to the command console. The sensors, in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.

B.
Host-Based IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect intrusions upon the host. They communicate with the command console, or a central computer controlling the IDS.

C.
In Host-Based IDS, the agents on the hosts are the ones that perform the analysis of the network traffic.
The intrusion data can be monitored in real-time.

D.
In a Host-Based IDS, sensors (also called agents) are placed on each key host throughout the network, analyzing the network packets for intrusion indicators. Once an incident is identified, the sensor notifies the command console.

E.
In Host-Based IDS, the network traffic data is gathered and sent from the host to a centralized location.
There is no significant performance drop on the hosts because the agents simply gather information and send it elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.
