Security Basics mailing list archives
Re: A good question about NIDS & HIDS or why NIDS ant not just HIDS?
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 29 May 2009 02:36:23 -0430
On Tuesday 26 May 2009 20:16:56 Juan B wrote:
Hi, I am thinking that if the target of a hacker is always the server, why do I need the NIDS? I can monitor very well just the servers with some kind of HIDS like OSSEC and I am done, no? Why should I care about the NIDS when I have a well-configured HIDS on every server?
Well, it depends on the situation of your network... For example: you have a dbserver holding your company's accounting database, and you have a webserver to manage this database... There are two important servers on your network... Supposing that these servers can only be accessed from your internal network, you will only secure both servers, and not monitor the whole network... In fact, your servers will be protected against conventional attacks... but... What about the routers? What about the switches? What about the end computers?

An attacker could deploy an attack against your switch, like a man-in-the-middle, or could attack your router, forwarding the connections to a malicious computer hosting an imitation of your webserver... This malicious imitation will save and record all login attempts and their passwords... And then... your server with HIDS will be secure, but the information traveling across the network will not.

---------

Yes, there is a possibility to secure the communication: you can install SSL certificates at both ends of the connection (server and client)... But this could also be broken if the hacker hacks into the client machine.
thanks Juan
-- Ing. Aaron G. Mizrachi P. http://www.unmanarc.com Mobil 1: + 58 416-6143543 Mobil 2: + 58 424-2412503 BBPIN: 0x 247066C1
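An added example, not part of the original post: one way a network-side monitor can notice the redirection described in the reply, which a HIDS on the real server never sees because the traffic no longer reaches it. It assumes the man-in-the-middle shows up as a change in IP-to-MAC bindings (for example through ARP spoofing, which the post does not name); all addresses, host names and observations are constructed.

```python
# Added example: passive IP-to-MAC binding monitor (what a network sensor can see).
# All addresses and observations below are constructed for illustration.
from collections import defaultdict

# Hosts whose identity on the wire matters (hypothetical addresses).
PROTECTED = {
    "10.0.0.1": "gateway",
    "10.0.0.10": "webserver",
    "10.0.0.20": "dbserver",
}

# Constructed ARP reply observations: (seconds, sender IP, sender MAC).
SAMPLE_OBSERVATIONS = [
    (0, "10.0.0.1", "00:11:22:aa:00:01"),
    (1, "10.0.0.10", "00:11:22:aa:00:10"),
    (2, "10.0.0.20", "00:11:22:aa:00:20"),
    (3, "10.0.0.55", "00:11:22:bb:00:55"),   # ordinary workstation
    (40, "10.0.0.10", "00:11:22:aa:00:10"),  # unchanged binding, no alert
    (61, "10.0.0.10", "00:11:22:bb:00:55"),  # webserver IP claimed by workstation MAC
    (62, "10.0.0.1", "00:11:22:bb:00:55"),   # gateway IP claimed by the same MAC
]


def find_binding_anomalies(observations, protected=PROTECTED):
    """Alert when a protected IP is announced with a MAC other than its baseline."""
    first_seen = {}                 # ip -> MAC first seen (trust on first use)
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed so far
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        if ip not in protected:
            continue
        baseline = first_seen.setdefault(ip, mac)
        if mac != baseline:
            alerts.append({
                "time": ts,
                "host": protected[ip],
                "ip": ip,
                "expected_mac": baseline,
                "seen_mac": mac,
                # Other IPs the same MAC has claimed: one MAC answering for
                # several hosts is a strong sign of interception.
                "mac_also_claims": sorted(ips_by_mac[mac] - {ip}),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_binding_anomalies(SAMPLE_OBSERVATIONS):
        print(alert)
```

The baseline here is trust-on-first-use; a deployment would normally seed it from an inventory of known server and router MAC addresses instead.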