is an IDS needed with a firewall?
notageek
September 15th, 2003, 07:57 PM
Is an IDS needed with a firewall? If so why?
rerun2
September 15th, 2003, 10:10 PM
It depends on what you mean....
The benefits are numerous in using an NIDS or HIDS in a network environment. For example, host-based intrusion detection systems offer a distinct advantage in that they are installed locally and can be used to protect each individual workstation. A network IDS is usually installed after the router and after the firewall. Correct placement of an IDS, however, is rather difficult. If placed incorrectly it can be seen as a liability, mainly because an intruder will notice how all packets are being filtered through a certain computer before reaching their destination. NIDS are usually more involved with protecting the network as a whole rather than individual workstations.

Besides location on a network, they offer distinct advantages as well. Because host-based IDSs are installed locally they can monitor and log precisely what might be causing an undesirable activity on the workstation. An administrator can then recognize this from a central console and work from there. NIDS can help in reading and determining information from logs. And by detecting invalid packet behavior or fragmented packets it might give a hint to the network admin of a possible port scan or DoS. Firewalls by themselves are generally less informative in this area. Overall, in a network environment I feel IDSs are most useful, especially when being complemented by a good firewall, antivirus, and security policy.
But for software firewalls on the Windows platform... IMO I do not feel an IDS feature is necessary, mainly because I do not see any significant advantage that a firewall with an IDS feature has over a firewall that does not have one. If anything I consider it as more of an "extra." Even with that said, I would still rather use a firewall with better packet filtering than one with an IDS. Some IDS signatures also produce false alarms.
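To illustrate the point made above, that a firewall logs packets one by one while an IDS correlates them into a port scan or fragment flood, here is a small detector run over a constructed firewall deny log. This is example code added by the editor, not anything posted in the thread, and the log format, the host addresses, the time window and the thresholds are all invented for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall deny log (invented format, not from any real device):
# one line per dropped packet. 10.0.0.5 walks eleven ports in a few seconds,
# 10.0.0.7 sends fragmented UDP to port 53, 10.0.0.9 just retries port 80.
SAMPLE_LOG = """\
2003-09-15T19:57:00 DROP src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=80
2003-09-15T19:57:01 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=21
2003-09-15T19:57:01 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=22
2003-09-15T19:57:01 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=23
2003-09-15T19:57:02 DROP src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=80
2003-09-15T19:57:02 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=25
2003-09-15T19:57:02 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=53
2003-09-15T19:57:03 DROP src=10.0.0.7 dst=192.168.1.10 proto=UDP dport=53 frag=1
2003-09-15T19:57:03 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=80
2003-09-15T19:57:03 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=110
2003-09-15T19:57:04 DROP src=10.0.0.7 dst=192.168.1.10 proto=UDP dport=53 frag=1
2003-09-15T19:57:04 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=143
2003-09-15T19:57:04 DROP src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=80
2003-09-15T19:57:05 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=443
2003-09-15T19:57:05 DROP src=10.0.0.7 dst=192.168.1.10 proto=UDP dport=53 frag=1
2003-09-15T19:57:05 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=445
2003-09-15T19:57:06 DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=3389
2003-09-15T19:57:06 DROP src=10.0.0.7 dst=192.168.1.10 proto=UDP dport=53 frag=1
2003-09-15T19:57:07 DROP src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=80
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) DROP src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)(?: frag=(?P<frag>[01]))?$"
)


def parse_line(line):
    """Parse one deny line into an event dict; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dport": int(m["dport"]),
        "frag": m["frag"] == "1",
    }


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def detect_port_scans(events, threshold=10, window=timedelta(seconds=60)):
    """Flag a source that touches >= threshold distinct ports inside a sliding window.

    The firewall already dropped every one of these packets; what it does not tell
    you is that they belong together. Correlating per source is the IDS's job.
    """
    recent = defaultdict(deque)  # src -> deque of (timestamp, dport) inside the window
    alerts = {}                  # src -> alert dict, one alert per scanning source
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold:
            a = alerts.setdefault(ev["src"], {"src": ev["src"], "first": q[0][0],
                                              "last": ev["ts"], "ports": set()})
            a["last"] = ev["ts"]
            a["ports"] |= ports
    return [dict(a, ports=sorted(a["ports"])) for a in alerts.values()]


def detect_fragment_floods(events, threshold=3):
    """Flag a source sending >= threshold fragmented packets (possible evasion or DoS)."""
    counts = defaultdict(int)
    for ev in events:
        if ev["frag"]:
            counts[ev["src"]] += 1
    return [{"src": s, "fragments": n} for s, n in sorted(counts.items()) if n >= threshold]


def analyze(text):
    events = parse_log(text)
    return {"scans": detect_port_scans(events), "fragment_floods": detect_fragment_floods(events)}


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        for hit in hits:
            print(name, hit)
```

The thresholds here are deliberately simple; a real sensor would also weight closed versus open ports and whitelist known scanners, which is exactly where the false alarms mentioned above come from.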
notageek
September 15th, 2003, 11:21 PM
Thanks for the info. I was thinking of buying a hardware firewall and was going to use an IDS with it.
Copyright ©2002 - 2012, Wilders Security Forums