Ask the Expert

Using an IDS to monitor the domain controller

I have clients with a small-to-medium networking environment. They are monitoring their budget. Is it safe to install Snort on a Windows system configured as a domain controller? The IDS will be used to monitor the DC instead of the entire LAN segment.

A better question would be why they are trying to use a network intrusion detection system to monitor a host, rather than using a host-based IDS to monitor that domain controller. If they want to monitor the LAN, they should use a separate host. Given that the price of systems advertised in the Sunday paper is often under $500 (after rebates), I fail to see how your clients can't afford to have a separate host for this purpose. If that is too expensive, how are they paying your consulting bill?

Anyway, for host-based IDS, Enterasys and Cisco are among the companies that have HIDS products. I'm sure there are others.

This was first published in September 2004
