Do I really need an IDS/NIDS?

Discussion in 'other firewalls' started by ahinterl, Jun 20, 2007.

Thread Status:
Not open for further replies.
  1. ahinterl

    ahinterl Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    31
    I have a small home network which has various anti-malware/personal firewall software installed on the host systems (PCs) and a hardware firewall (Zywall 2 Plus) as perimeter protection.

    There's a trend toward more expensive firewall solutions called 'UTM' devices that unite intrusion prevention, anti-virus, URL and spam filtering through licensed services (= annual fees). Though such appliances are not common in the home segment, I wonder whether it would make sense to invest in such a thing for my home network.

    Agreed, an additional layer of security would make me feel better, but the costs for such systems and the annual fees are high, and because of my network topology I'd need to invest in another pair of WLAN bridges as well just to have an IPS.

    I have no clue what kind of attacks such a NIDS/IPS/IDS, or whatever its name is, would save me from, or whether it would be beneficial at all if I need no URL etc. filter but only anti-virus and intrusion protection.
    Is a firewall vulnerable to intrusions from outside in general, so that I need additional protection (Snort comes to mind), or is there some other concept where an IPS would be of value?

    Any comments?

    Andreas
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    You do not need it.
    Your firewall should do the trick.
    And if you really itch, go for SmoothWall firewall - Linux, free + Snort.
    Mrk
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    In my humble opinion you don't need it as Mrk says... The average home user is never going to see any "attacks".
     
  4. wantsprotection

    wantsprotection Registered Member

    Joined:
    Jun 12, 2007
    Posts:
    35
    Intrusion detection systems can catch some attacks that firewalls can't.

    As one example, consider DNS tunneling. A trojan, spyware, or rogue user may attempt to bypass your firewall via a DNS tunnel. It asks your trusted DNS server to look up the following names:

    direc.outside.com
    tory_.outside.com
    conte.outside.com
    nts_o.outside.com
    f_c_d.outside.com
    dive_.outside.com

    The IP address replies could also include encoded information. In fact, there's already an IP-over-DNS suite you can download for free.

    Most hardware firewalls would only see DNS queries and replies being sent to a trusted local server and therefore permit them without warning. An intrusion detection system could note the high volume of DNS traffic and take action or warn you about the threat.

    On the plus side, a firewall or HIPS software solution would have a 33% chance of stopping the malware according to recent tests.

    How likely are you to come under attack, and what might you lose if one is successful?
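
The detection idea in the post above, as an added example that is not part of the original thread: flag a client that looks up many distinct names under one parent domain in a short time. The log format, the client addresses, the thresholds and the function names are assumptions made for this sketch; the query names are the ones listed in the post.

```python
from collections import defaultdict

# Constructed sample log: "<epoch seconds> <client IP> <queried name>".
SAMPLE_LOG = """\
1000 192.168.1.10 www.example.org
1001 192.168.1.20 direc.outside.com
1002 192.168.1.20 tory_.outside.com
1003 192.168.1.20 conte.outside.com
1004 192.168.1.10 mail.example.org
1005 192.168.1.20 nts_o.outside.com
1006 192.168.1.20 f_c_d.outside.com
1007 192.168.1.20 dive_.outside.com
1300 192.168.1.10 www.example.org
"""

def parent_domain(qname):
    # Assumption: the last two labels form the parent domain. A real
    # deployment would consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_tunnel_suspects(log_text, window=60, max_unique=5):
    """Return sorted (client, parent) pairs that queried more than
    max_unique distinct names under one parent within window seconds."""
    recent = defaultdict(list)   # (client, parent) -> [(ts, qname), ...]
    suspects = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[0].isdigit():
            continue             # skip malformed lines
        ts, client, qname = int(fields[0]), fields[1], fields[2].lower()
        key = (client, parent_domain(qname))
        # Keep only queries still inside the sliding window, then add this one.
        recent[key] = [(t, q) for t, q in recent[key] if ts - t < window]
        recent[key].append((ts, qname))
        if len({q for _, q in recent[key]}) > max_unique:
            suspects.add(key)
    return sorted(suspects)

if __name__ == "__main__":
    for client, parent in find_tunnel_suspects(SAMPLE_LOG):
        print(f"possible DNS tunnel: {client} -> *.{parent}")
```

Counting distinct names rather than raw query volume keeps a client that repeatedly resolves the same few hostnames from tripping the alert.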
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Let me get this straight: that involves a trojan running on my computer? Not disregarding your information, just clarification.

    And this would be useful also if I run some server software?
     
    Last edited: Jun 20, 2007
  6. wantsprotection

    wantsprotection Registered Member

    Joined:
    Jun 12, 2007
    Posts:
    35
    Correct. This involves a trojan or spyware running on your computer, or a rogue user attempting to bypass your firewall(s).
     
  7. xuesisi

    xuesisi Registered Member

    Joined:
    Mar 2, 2007
    Posts:
    71
    You can use TINY's IDS/IPS; it works OK.
     
  8. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I also have a home network (3 computers) protected by a router. Would ESS (Eset Smart Security) or KIS's IDS systems really provide me more protection than Comodo does?
     