Problem solve Get help with specific problems with your technologies, process and projects.

Using an IDS to monitor the domain controller

I have clients with a small-to-medium networking environment. They are monitoring their budget. Is it safe to install...

snort on a Windows system configured as a domain controller? IDS will be used to monitor the DC instead of the entire LAN segment.

A better question would be why are they trying to use a network intrusion detection system to monitor a host, rather than using a host-based IDS to monitor that domain controller? If they want to monitor the LAN, they should use a separate host. Given that the price of systems advertised in the Sunday paper are often under $500 (after rebates), I fail to see how your clients can't afford to have a separate host for this purpose. If that is too expensive, how are they paying your consulting bill?

Anyway, for host-based IDS, Enterasys and Cisco are among the companies that have HIDS products. I'm sure there are others.

This was last published in September 2004

Dig Deeper on Network intrusion detection and prevention (IDS-IPS)

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.