Hi All,

Our internal network is protected by 2 layers of firewall and we also use TippingPoint and Snort.  Is there any reason why we would need to implement a host-based intrusion detection system on the individual servers?  Any resources supporting this would be appreciated.

KETTANEH commented:
HIDS will help a lot for internal attacks ... these attacks will not go through your firewall :)
Phateon commented:
Rich Rumble (Security Samurai) commented:
Well, if your HIDS doesn't take any action, it's just another IDS making noise. Some HIDS take action, others only alert; most NIDSs are alert-only and take no active actions, but an IPS or application firewall typically attempts to close, block or reset connections that trigger alerts.

eaanders commented:
HIDS have a completely different signature set and of course vary from vendor to vendor. They report changes to the file system, processes that misbehave, attempts to access or modify protected resources, changes to auditing policy, etc., that match signatures. None of this activity is visible to a NIDS. If an exposure occurs over an encrypted session (e.g. SSL), your NIDS will not see it, but depending on what the exposure attempts to do on the box, your HIDS may detect it.

In addition, some government organizations require HIDS to be installed. Check your network security compliance requirements.
astralcomputing commented:
HIDS will help you in the event of an HTTPS, endpoint-to-endpoint encrypted attack. That type of attack will generally go through IPSs because of the private key encryption.
All the above answers, added together, are your answer :-)

So it is a go, if you have an option.

Question has a verified solution.
