Security Basics mailing list archives
Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS?
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Fri, 29 May 2009 21:19:32 +0530
If we have unbreakable safe at house , we still need doors, surveillance cameras in buildings, security guards ! Both HIDS and NIDS has there own importance based on the requirements. Its not a good idea to substitute one with another. Few points to consider: 1) HIDS is not a scalable option. It creates resources overhead to manage multiple HIDS than a single NIDS. 2) From an administrator's perspective, its better to analyze NIDS's single report of network traffic,incidents any network anomaly etc than checking HIDS individual reports. 3) Just in case the HIDS fails or is out of signature update, its better to have an alternate option i.e. a second line of defense,NIDS. Hope this helps. Thanks, Aditya Govind Mukadam CISSP,CEH, JNSA-Advanced Security, JNCIA-SSL,CQS-PIX,CQS-VPN On Wed, May 27, 2009 at 6:16 AM, Juan B <juanbabi () yahoo com> wrote:
HI, I am thinking that if the target of a hacker is always the server so why I need the NIDS ? I can monitor very well just the servers with some kind of HIDS like Ossec and I am done no? why should I care about the NIDS when I have a well configured HIDS on every server? t thanks Juan ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Kel (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Jeffrey Walton (Jun 01)
- <Possible follow-ups>
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Thrynn (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Francois Yang (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? evilwon12 (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Laurens Vets (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Aarón Mizrachi (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? lonervamp (Jun 01)
- RE: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Nick Vaernhoej (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? aditya mukadam (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Aarón Mizrachi (Jun 01)