about IDSes

Man, what are these IDS/IPS systems about?!! I’m now reading different sites’ definitions, which state that they differ from general firewalls and have become essential for organizations today. If I begin work for a company as an IT specialist, do I need to install these along with firewalls/routers? As I’m now reading, they function similarly and generate alerts/prevention rules as firewalls do, so what’s the big difference then? Wouldn’t the network slow down if I use IDS/IPS along with a firewall/router? Please shed some light on this, I’m really interested.

CIS has many features already built in, such as protocol analysis and anti-ARP spoofing. NIDS are placed within the network to monitor traffic to and from all devices on the network. NIDS would be installed on the subnet where firewalls are located in order to see if someone is trying to break into the firewall. A system that terminates connections is called an intrusion prevention system, and is another form of an application layer firewall. Some IDSes are governed by signatures and heuristics when it comes to network attacks, just as an antivirus uses its own signatures for malware. If you want to learn more, I suggest you do some research on production and/or research honeypots.
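The signature-based detection mentioned in the reply above, set beside a plain port-filtering firewall rule, as an added example that is not part of the original thread. It is a simplified model: the `Packet` type, the allowed ports, the two signatures and the sample traffic are all constructed for illustration and are not taken from Snort or any other product.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Firewall view: the decision uses header fields only (hypothetical policy).
ALLOWED_PORTS = {80, 443}

def firewall_allows(pkt: Packet) -> bool:
    return pkt.dst_port in ALLOWED_PORTS

# IDS view: named signatures matched against the payload (illustrative patterns).
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("passwd-read", re.compile(rb"/etc/passwd")),
]

def ids_alerts(pkt: Packet) -> list:
    return [name for name, rx in SIGNATURES if rx.search(pkt.payload)]

def inspect(pkt: Packet, inline: bool = False):
    """Return (verdict, alerts).

    inline=False models an IDS: traffic is forwarded and alerts are raised.
    inline=True models an IPS: a signature match terminates the connection.
    """
    if not firewall_allows(pkt):
        return "blocked-by-firewall", []
    alerts = ids_alerts(pkt)
    if alerts and inline:
        return "dropped-by-ips", alerts
    return "forwarded", alerts

# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLES = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.9", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.9", 23, b"login: admin\r\n"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src, p.dst_port, inspect(p), inspect(p, inline=True))
```

The second sample passes the port rule because it targets an allowed port; only the payload signatures distinguish it from the first.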

sAyer, many thanks for answering. When you say “NIDS would be installed on the subnet where firewalls are located”, I take it you mainly mean hardware-based IDS/IPS, right?! Otherwise, if it’s software-based, then as I have read the main difference is that NIDS is signature-based compared to a normal firewall, but it still seems to me like just another additional firewall on top. I found Snort, which is a free IDS/IPS program, and I’m thinking of installing it just to see how it works, only I don’t have much of a network at my home.

Off topic, but have you ever used EMET? If yes, is it worth it? Does it send statistics back to Microsoft?

There are many forms of deployment. I think if you check out Tripwire, especially the case studies and data sheets under resources, it will give you a better understanding. I’m no expert, just somewhat familiar.

Never tried/used EMET. Knowing Microsoft, it most surely sends data and statistics. That’s just speculation. Microsoft privacy policies seem to be very vague, so who knows. :)