Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS?



Hi Juan,

I am thinking that if the target of a hacker is always the server so why I need the NIDS ? I can monitor very well just the servers with some kind of HIDS like Ossec and I am done no? why should I care about the NIDS when I have a well configured HIDS on every server?

The target of an intruder is not only your servers, but any device on your network (routers, switches, ...) I've yet to see a HIDS for a Cisco router for instance :)

Also, putting 1 or more NIDS in front of your server farm might be more cost effective than putting an HIDS on each server.

Laurens

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------



Relevant Pages

  • Re: Groklaws "Bias" and the SCO DDoS Attack
    ... >routers, with port 80 redirected to a web server on the LAN side. ... I've also used Sonicwall DMZ ...
    (comp.unix.sco.misc)
  • RE: Host Based IDS Recommendations?
    ... Secuplat HIDS for NT. ... It have server agent based features. ... should collect all attack, file change auditing data, User security breaking ... Better Management for Network Security ...
    (Focus-IDS)
  • Re: Cant browse across subnets
    ... The only change on the routers in the past 2 years was this past weekend on ... Windows firewall - on the SBS server? ... computers can see shares and printers at their location just fine - just not ... All workstations can resolve all computernames via nslookup. ...
    (microsoft.public.windows.server.sbs)
  • Re: Very slow network browsing from W2K but not NT
    ... :> I assume the server is running in mixed mode and the NetBIOS over ... :> Are there Cisco switches involved and if not, ... :> it would help to know if using Cisco, how many switches involved and are ... :> portfast enabled on those ports, and hopefully not on trunk ports. ...
    (microsoft.public.win2000.networking)
  • Re: Makes no sense to me?
    ... A NIC by itself cannot "join two routers". ... > What I think you want is to have two NICs in EACH server. ... > One NIC on each server connects to a corresponding router and nothing else. ... > shared switch defined on a third IP network ...
    (microsoft.public.win2000.networking)