Q

Using an IDS to monitor the domain controller

I have clients with a small-to-medium networking environment. They are monitoring their budget. Is it safe to install...

snort on a Windows system configured as a domain controller? IDS will be used to monitor the DC instead of the entire LAN segment.

A better question would be why are they trying to use a network intrusion detection system to monitor a host, rather than using a host-based IDS to monitor that domain controller? If they want to monitor the LAN, they should use a separate host. Given that the price of systems advertised in the Sunday paper are often under $500 (after rebates), I fail to see how your clients can't afford to have a separate host for this purpose. If that is too expensive, how are they paying your consulting bill?

Anyway, for host-based IDS, Enterasys and Cisco are among the companies that have HIDS products. I'm sure there are others.

This was first published in September 2004

Dig Deeper

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close