IDS poll

Discussion in 'polls' started by mvdu, Dec 30, 2003.

?

How important is having an IDS?

  1. Important

    1 vote(s)
    50.0%
  2. It's just an extra

    0 vote(s)
    0.0%
  3. Depends

    1 vote(s)
    50.0%
Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I'm debating whether I should have one when I'm behind a router and on a home computer.
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    I voted, "it's just an extra" .. especially considering you're behind a router that already provides strong inbound protection. JMHO .. Happy New Year! ;) :D :)
     
  3. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Hi, Randy - thanks, and a big Happy New Year to you, too!!
     
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I voted for huh? What's IDS ?? :rolleyes:

    Oh wait no such option?
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I gave you a "depends" vote.

    I believe an IDS is most valuable when run on a system or network segment that allows inbound connections from another network (such as the Internet). The best example of an environment where an IDS adds the greatest value (as far as I'm concerned) is when it is run on a webserver (or similar public server).

    In this situation, any router and/or firewall in the network configuration will be configured to allow inbound traffic to that webserver on the specific port it's configured to run on (typically TCP port 80). So, these devices (ie. the router & firewall) are not providing any protection specifically for the traffic passing through on the allowed port.

    However, an IDS would be able to scan that incoming traffic looking for known malicious data patterns within the packets. An IDS could trap something like a Code Red attack hitting that webserver where a firewall that simply allows any incoming port 80 traffic wouldn't be of any help.

    On the other hand, I don't think running an IDS hurts even if you run it on a system that provides no services at all. In that case, it would certainly be "an extra."
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    It was a toss up for me as "an extra" or "it depends".... With my particular setup, I would consider it an extra but believe each much look at their individual setup to decide...

    Regards,
    Kent
     
  7. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am behind a router home network on dsl. Set up so the comps can't communicate anyway. It would just be an extra :)
     
  8. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I agree with LWM, in our company it is vital to know what's happening at the gate and our firewall and IDS keep us alert.
    On my home system I'm running the snort intrusion detection system (I'm running a linux gateway and web- and mailserver). It will of course not prevent intrusions, but it constantly shows me that the system is still working, thereby adding Trust. And that's one quality that's valuable.
    I voted: it depends: once you've got such a system you'll have to use it. When you're not exposing any services, dont'use an IDS. It's a nice bonus in your personal firewall, nut it will not enhance security if you don't act on it.

    The current buzz word is Intrusion Prevention... it's just another word for dynamically configuring the perimeter protection based on what's happening outside. You'll have to trust your system to let is configure itself ;)
     
  9. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Since my reply on this subject, (IDS) I have installed my BlackIce pc protection. I guess I can now say I have an IDS system installed. :)
     

    Attached Files:

  10. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    IDS are excellent when you have servers, also a good IDS with IPS and FW like Sygate Pro are good combination.
     
  11. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Thanks for the responses. So do you think that in my situation, ZAP will protect me just as well as NPF, Sygate Pro, or BlackICE would?
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    If your router has a firewall any of the soft firewalls mentioned will stop out going and your router firewall will stop incoming. I am running a router with a hardware firewall and a soft firewall and I feel very secure with this setup. ;)
     
Loading...
Similar Threads
  1. Oleg
    Replies:
    61
    Views:
    2,272
Thread Status:
Not open for further replies.