I have clients with a small-to-medium networking environment. They are monitoring their budget. Is it safe to install
snort on a Windows system configured as a domain controller? IDS will be used to monitor the DC instead of the entire LAN segment.
A better question would be why are they trying to use a network intrusion detection system to monitor a host, rather than using a host-based IDS to monitor that domain controller? If they want to monitor the LAN, they should use a separate host. Given that the price of systems advertised in the Sunday paper are often under $500 (after rebates), I fail to see how your clients can't afford to have a separate host for this purpose. If that is too expensive, how are they paying your consulting bill?
Anyway, for host-based IDS, Enterasys and Cisco are among the companies that have HIDS products. I'm sure there are others.
Dig deeper on Network Intrusion Detection (IDS)
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.