Security Basics mailing list archives

Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS?

From: Kel <kellstr () gmail com>
Date: Thu, 28 May 2009 19:27:44 -0400

 Most "attacks" are actually against web browsers and are usually like
a booby trap. A piece of malicious code is inserted in a web site
waiting for someone to trigger it. That payload may install a keystoke
reader on that computer and now every password entered on that box
goes back to the attacker. This isn't a server so you haven't
installed HIDS.

Personally, if I were going to attack a network I'd go after the
printers first, establish my foothold there, and then work on the
servers.

On Tue, May 26, 2009 at 8:46 PM, Juan B <juanbabi () yahoo com> wrote:


HI,

I am thinking that if the target of  a hacker is always the server so why I need the NIDS ? I can monitor very well 
just the servers with some kind of HIDS like Ossec and I am done no? why should I care about the NIDS when I have a 
well configured HIDS on every server?

thanks

Juan




------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------




--
Laws alone cannot secure freedom of expression; in order that every
man present his views without penalty there must be spirit of
tolerance in the entire population. - Albert Einstein

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Kel (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Jeffrey Walton (Jun 01)
- <Possible follow-ups>
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Thrynn (Jun 01)
  - Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Francois Yang (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? evilwon12 (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Laurens Vets (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Aarón Mizrachi (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? lonervamp (Jun 01)
- RE: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Nick Vaernhoej (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? aditya mukadam (Jun 01)
- Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS? Aarón Mizrachi (Jun 01)