Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

HIDS vs NIDS

Posted on 2009-07-14
6
Medium Priority
?
2,257 Views
Last Modified: 2013-11-29
Hi All,

Our internal network is protected by 2 layers of firewall and we also use TippingPoint and Snort.  Is there any reason why we would need to implement a host-based intrusion detection system on the individual servers?  Any resources supporting this would be appreciated.

Thanks.
0
Comment
Question by:ISS_Expert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 5

Accepted Solution

by:
KETTANEH earned 400 total points
ID: 24857928
HIDS will help alot for internal attack ... these attacks will not go through your firewall :)
0
 
LVL 7

Assisted Solution

by:Phateon
Phateon earned 400 total points
ID: 24877357
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 25023185
Well if your HIDS doesn't take any action, it's just another IDS making noise. Some HIDS take action, others only alert, most NIDS's are alert only and take no active actions, but an IPS or Application Firewall typically attempt to close, block or reset connections that trigger alerts.
-rich
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Assisted Solution

by:eaanders
eaanders earned 400 total points
ID: 25079986
HIDS have a completely different signature set and of course vary from vendor to vendor.  They report changes to the file system, processes that misbehave, attempts to access or modify protected resources, changes to auditing policy, etc that match signatures.  None of this activity is visible to a NIDS.  If an exposure occurs over an encrypted session (e.g. SSL), your NIDS will not see it but depending on what the exposure attempts to do on the box, your HIDS may detect it.

In addition, some government organizations require HIDS to be installed.  Check your network security compliance requirements
0
 
LVL 6

Assisted Solution

by:astralcomputing
astralcomputing earned 400 total points
ID: 25268776
HIDS will help you in the event of an HTTPS, endpoint to endpoint encrypted attack. That type of attack will generally go through IPS's because of the private key encryption.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 25275019
All the above answers added, is your answer :-)

So it is a go, if you have an option.

Cheers,
rsivanandan
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question