Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS?



Hi Juan,

I am thinking that if the target of a hacker is always the server so why I need the NIDS ? I can monitor very well just the servers with some kind of HIDS like Ossec and I am done no? why should I care about the NIDS when I have a well configured HIDS on every server?

The target of an intruder is not only your servers, but any device on your network (routers, switches, ...) I've yet to see a HIDS for a Cisco router for instance :)

Also, putting 1 or more NIDS in front of your server farm might be more cost effective than putting an HIDS on each server.

Laurens

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------