I voted, "it's just an extra" .. especially considering you're behind a router that already provides strong inbound protection. JMHO .. Happy New Year!
I gave you a "depends" vote. I believe an IDS is most valuable when run on a system or network segment that allows inbound connections from another network (such as the Internet). The best example of an environment where an IDS adds the greatest value (as far as I'm concerned) is when it is run on a webserver (or similar public server). In this situation, any router and/or firewall in the network configuration will be configured to allow inbound traffic to that webserver on the specific port it's configured to run on (typically TCP port 80). So, these devices (ie. the router & firewall) are not providing any protection specifically for the traffic passing through on the allowed port. However, an IDS would be able to scan that incoming traffic looking for known malicious data patterns within the packets. An IDS could trap something like a Code Red attack hitting that webserver where a firewall that simply allows any incoming port 80 traffic wouldn't be of any help. On the other hand, I don't think running an IDS hurts even if you run it on a system that provides no services at all. In that case, it would certainly be "an extra."
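To make the distinction in the post above concrete, here is an added example (not code from this thread or from any product it mentions): a toy port-based firewall rule beside a toy signature-based IDS, run over a few constructed HTTP request lines. The firewall rule passes everything to TCP port 80 without looking at it; the IDS inspects the payload and raises an alert when a request matches a known pattern. The signatures are simplified, hypothetical stand-ins, not any IDS's actual rule text, and the addresses and requests are made up.

```python
"""Port-only firewall rule vs. payload-inspecting IDS, on constructed traffic."""
import re
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    dst_port: int
    payload: str  # first line of the HTTP request, as text


class Signature(NamedTuple):
    name: str
    pattern: re.Pattern


# Constructed, simplified signatures (assumption: not any real IDS's rule text).
SIGNATURES = [
    # Code Red sent "GET /default.ida?" followed by a long run of filler characters.
    Signature("IIS .ida overflow attempt (Code Red style)",
              re.compile(r"GET /default\.ida\?[NX]{20,}", re.IGNORECASE)),
    Signature("Directory traversal attempt",
              re.compile(r"(\.\./){2,}")),
]

# The web server's port, as the post describes: the firewall must let it through.
ALLOWED_PORTS = {80}


def firewall_allows(pkt: Packet) -> bool:
    """Port-based rule: anything bound for an allowed port passes, content unseen."""
    return pkt.dst_port in ALLOWED_PORTS


def ids_alerts(pkt: Packet) -> list[str]:
    """Payload inspection: names of every signature the request matches."""
    return [sig.name for sig in SIGNATURES if sig.pattern.search(pkt.payload)]


# Constructed sample traffic (documentation-range addresses, made-up requests).
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 80, "GET /index.html HTTP/1.1"),
    Packet("198.51.100.9", 80, "GET /default.ida?" + "N" * 224 + "%u9090%u6858 HTTP/1.0"),
    Packet("198.51.100.4", 80, "GET /../../../../etc/passwd HTTP/1.0"),
    Packet("198.51.100.2", 23, "login: admin"),
]


def evaluate(packets: list[Packet]) -> tuple[list[int], list[tuple[int, str]]]:
    """Return the indices the firewall passed and the (index, signature) alerts
    the IDS raised on that passed traffic."""
    passed: list[int] = []
    alerts: list[tuple[int, str]] = []
    for i, pkt in enumerate(packets):
        if not firewall_allows(pkt):
            continue  # the firewall alone handles this one
        passed.append(i)
        for name in ids_alerts(pkt):
            alerts.append((i, name))
    return passed, alerts


if __name__ == "__main__":
    passed, alerts = evaluate(SAMPLE_PACKETS)
    print("firewall passed packets:", passed)
    for idx, name in alerts:
        print(f"IDS alert on packet {idx} from {SAMPLE_PACKETS[idx].src}: {name}")
```

Three of the four packets reach the web server because they are addressed to port 80, which is exactly the traffic the firewall cannot judge; the IDS flags two of them on content alone. The telnet packet never reaches the IDS at all, which is the "firewall handles inbound" case the other replies describe.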
It was a toss-up for me between "an extra" and "it depends"... With my particular setup, I would consider it an extra but believe each must look at their individual setup to decide... Regards, Kent
I am behind a router on a home DSL network. It is set up so the comps can't communicate anyway. It would just be an extra.
I agree with LWM, in our company it is vital to know what's happening at the gate, and our firewall and IDS keep us alert. On my home system I'm running the Snort intrusion detection system (I'm running a Linux gateway and web and mail server). It will of course not prevent intrusions, but it constantly shows me that the system is still working, thereby adding trust. And that's one quality that's valuable. I voted "it depends": once you've got such a system you'll have to use it. When you're not exposing any services, don't use an IDS. It's a nice bonus in your personal firewall, but it will not enhance security if you don't act on it. The current buzzword is Intrusion Prevention... it's just another word for dynamically configuring the perimeter protection based on what's happening outside. You'll have to trust your system to let it configure itself.
Since my reply on this subject (IDS), I have installed my BlackICE PC Protection. I guess I can now say I have an IDS installed.
An IDS is excellent when you have servers; also, a good IDS with IPS and a firewall like Sygate Pro is a good combination.
Thanks for the responses. So do you think that in my situation, ZAP will protect me just as well as NPF, Sygate Pro, or BlackICE would?
If your router has a firewall, any of the soft firewalls mentioned will stop outgoing traffic and your router firewall will stop incoming. I am running a router with a hardware firewall and a soft firewall, and I feel very secure with this setup.