Solved

HIDS vs NIDS

Posted on 2009-07-14
6
2,047 Views
Last Modified: 2013-11-29
Hi All,

Our internal network is protected by 2 layers of firewall and we also use TippingPoint and Snort.  Is there any reason why we would need to implement a host-based intrusion detection system on the individual servers?  Any resources supporting this would be appreciated.

Thanks.
0
Comment
Question by:ISS_Expert
6 Comments
 
LVL 5

Accepted Solution

by:
KETTANEH earned 100 total points
ID: 24857928
HIDS will help alot for internal attack ... these attacks will not go through your firewall :)
0
 
LVL 7

Assisted Solution

by:Phateon
Phateon earned 100 total points
ID: 24877357
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 25023185
Well if your HIDS doesn't take any action, it's just another IDS making noise. Some HIDS take action, others only alert, most NIDS's are alert only and take no active actions, but an IPS or Application Firewall typically attempt to close, block or reset connections that trigger alerts.
-rich
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Assisted Solution

by:eaanders
eaanders earned 100 total points
ID: 25079986
HIDS have a completely different signature set and of course vary from vendor to vendor.  They report changes to the file system, processes that misbehave, attempts to access or modify protected resources, changes to auditing policy, etc that match signatures.  None of this activity is visible to a NIDS.  If an exposure occurs over an encrypted session (e.g. SSL), your NIDS will not see it but depending on what the exposure attempts to do on the box, your HIDS may detect it.

In addition, some government organizations require HIDS to be installed.  Check your network security compliance requirements
0
 
LVL 6

Assisted Solution

by:astralcomputing
astralcomputing earned 100 total points
ID: 25268776
HIDS will help you in the event of an HTTPS, endpoint to endpoint encrypted attack. That type of attack will generally go through IPS's because of the private key encryption.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 25275019
All the above answers added, is your answer :-)

So it is a go, if you have an option.

Cheers,
rsivanandan
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now