Web Hosting Talk

IDS and Monitoring


swijaya0101
05-23-2002, 04:02 AM
Hi,

I would like to clarify some issues:

Is an Intrusion Detection system the same as a Monitoring system (I think they are different, but some of my friends told me that monitoring is a subset of IDS)?

If I am going to install the IDS system (SNORT), do I still need to install the monitoring system?

What are the best products for IDS and Monitoring systems?

Thanks

RackMy.com
05-23-2002, 05:21 AM
"If I am going to install the IDS system (SNORT), do I still need to install the monitoring system?"

Probably.

A monitor, which you probably already know, monitors a server and/or service and alerts you to its status.

An IDS system uses prebuilt signatures and inspects system packets that match these signatures and alerts you when that condition has been met.

Hope that helps!

dynamicnet
05-23-2002, 10:24 AM
Greetings:

An Intrusion Detection System (IDS) will not let you know server health or if a given service is running or not.

So typically you have some form of monitoring --- content delivery engine, database monitoring, server health --- along with a firewall and an IDS.

Thank you.

ffeingol
05-23-2002, 11:46 AM
And technically Snort is a NIDS (Network Intrusion Detection System). It only detects things that come across the wire that look funny.

As far as monitors go, I'd check out Nagios (www.nagios.org). Nagios is the new name/version of Net Saint (www.netsaint.org).

I would also suggest that you look at Log Sentry (http://www.psionic.com/products/logsentry.html) from Psionic and AIDE (http://www.cs.tut.fi/~rammer/aide.html) or TripWire (http://www.tripwire.com/).

Log Sentry scans your system logs and looks for strange things. AIDE/TripWire keep information about each file (at least the ones you care about) and then can be re-run to ensure that they have not been changed.

If you are doing hosting, SNORT is not enough. A valid user could access your server and then use some method to gain unauthorized access (i.e. become root etc.). SNORT will never catch that, because they access the server in a normal manner (i.e. telnet/ssh).

Frank
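
The baseline-and-recheck idea described above for AIDE/TripWire, as an added Python example that is not part of the original thread and is not how either tool is implemented. The function names and the sample files are constructed for illustration; it catches the host-side changes that a network IDS never sees.

```python
import hashlib, os, pathlib, stat, tempfile

def snapshot(root):
    """Record digest, mode, owner and size for every regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            # Whole-file read keeps the example short; stream large files in practice.
            digest = hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()
            db[os.path.relpath(path, root)] = {
                "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "size": st.st_size}
    return db

def compare(baseline, current):
    """Return (path, finding) tuples, sorted by path, for every difference."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        else:
            changed = sorted(k for k in old if old[k] != new[k])
            if changed:
                findings.append((path, "changed: " + ",".join(changed)))
    return findings

def demo():
    """Constructed sample tree: take a baseline, alter the tree, re-check."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("login", b"v1"), ("passwd", b"root:x:0:0\n"), ("motd", b"hi\n")):
            pathlib.Path(root, name).write_bytes(body)
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)          # store this somewhere read-only
        pathlib.Path(root, "login").write_bytes(b"v2")   # same size, new content
        os.chmod(os.path.join(root, "passwd"), 0o666)    # permissions only
        os.remove(os.path.join(root, "motd"))
        pathlib.Path(root, "newfile").write_bytes(b"x")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{finding:20} {path}")
```

The check is only as trustworthy as the stored baseline, so keep it off the monitored host or on read-only media.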