Posted on 2009-07-14
Last Modified: 2013-11-29
Hi All,

Our internal network is protected by 2 layers of firewall and we also use TippingPoint and Snort.  Is there any reason why we would need to implement a host-based intrusion detection system on the individual servers?  Any resources supporting this would be appreciated.

Question by:ISS_Expert

Accepted Solution

KETTANEH earned 100 total points
ID: 24857928
HIDS will help alot for internal attack ... these attacks will not go through your firewall :)

Assisted Solution

Phateon earned 100 total points
ID: 24877357
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 25023185
Well if your HIDS doesn't take any action, it's just another IDS making noise. Some HIDS take action, others only alert, most NIDS's are alert only and take no active actions, but an IPS or Application Firewall typically attempt to close, block or reset connections that trigger alerts.
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.


Assisted Solution

eaanders earned 100 total points
ID: 25079986
HIDS have a completely different signature set and of course vary from vendor to vendor.  They report changes to the file system, processes that misbehave, attempts to access or modify protected resources, changes to auditing policy, etc that match signatures.  None of this activity is visible to a NIDS.  If an exposure occurs over an encrypted session (e.g. SSL), your NIDS will not see it but depending on what the exposure attempts to do on the box, your HIDS may detect it.

In addition, some government organizations require HIDS to be installed.  Check your network security compliance requirements

Assisted Solution

astralcomputing earned 100 total points
ID: 25268776
HIDS will help you in the event of an HTTPS, endpoint to endpoint encrypted attack. That type of attack will generally go through IPS's because of the private key encryption.
LVL 32

Expert Comment

ID: 25275019
All the above answers added, is your answer :-)

So it is a go, if you have an option.


Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
quarantine versus delete 6 69
Extra security implementation for 2017 9 49
Help with preventing downloading a zip file 10 35
Orphaned SIDs on shared folders 3 17
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques. This attack comes as a nightmare trifecta for email filtering services; sent from a familiar contact, using authentic tone and verbi…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now