IDS mailing list archives

Deploying Host based IDS: is there any benefit ??


From: Pete <pierre.grosbois () gmail com>
Date: Wed, 3 Aug 2005 10:28:05 +0200

Dear Security professionals,

I have been assigned to deploy Host IDS...
But I am trying to assess the benefits of HIDS vs development of OS
standard = OS hardening (UNIX and Windows).
Indeed, I think deploying HIDS costs more time and money than OS
hardening and for what benefit since it is a reactive solution.
The maintenance of such a tool is heavy for the operational team:
When OS or applications versions change the HIDS agent has to be
reinstalled, and the impact on business applications has to be
assessed again.

Regarding the features, it seems that the detection job of a Host IDS
product can be done by advanced logging features of the OSs (syslog...),
then only a centralization and aggregation tool could be helpful.

Please feel free to share your point of view or experience.

Best regards,

Pete
